9,333 questions
Provide Permission for certificate for Microsoft Storage Key Provider type
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 74%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKU%3C/text%3E%3C/svg%3E)
Kandasamy, Usharani (ADV D AA SB SSPS CAP AC2)
1
Reputation point
I am using CSPParams to provide permissions for certificate private/public key container name. But in Windows 11 and Windows 2022, receiving the storage provider as "Microsoft Key Storage Provider" for RSA certificates. And ProviderType value as 24 which is not available in CspProviderFlags.
For older version of OS, I am receiveing a provider name as Microsoft Enhanced Cryptographic Provider V1.0 for RSA certificates. And below code has been used to provide "Generic Read" permissions for the users,
var cspParams = new CspParameters(rsa.CspKeyContainerInfo.ProviderType, rsa.CspKeyContainerInfo.ProviderName, ((System.Security.Cryptography.RSACng)data).Key.UniqueName)
{
Flags = CspProviderFlags.UseExistingKey | CspProviderFlags.UseMachineKeyStore,
CryptoKeySecurity = rsa.CspKeyContainerInfo.CryptoKeySecurity
};
cspParams.CryptoKeySecurity.AddAccessRule(new CryptoKeyAccessRule("S-1-5-32-545", "GenericRead", AccessControlType.Allow));
How I can apply the permissions for the certificate for KSP?.
Microsoft Security | Microsoft Authenticator
Sign in to answer