Exporting RSA public keys in .NET and .NET Framework.NET and .NET Framework don’t provide any methods to export RSA public keys in PEM format. But with some extension methods and a little help from CryptoAPI, we can fill that gap. Continue »
Importing RSA public keys in downlevel .NET and .NET Framework versionsIn .NET 5 and 6, we can use RSA.ImportFromPem to import a PEM-formatted RSA public key. Older .NET Core versions and .NET Framework don’t offer that functionality – but with a little help from CryptoAPI, we can fill that gap. Continue »
Why use CNG instead of CryptoAPI to store keysIn the last posts, I talked a bit about using CryptoAPI and CNG to manage encryption keys, and how using CNG sometimes requires some extra work. That begs the question – is that extra work justified? Continue »
Using a CryptoAPI-backed key as service account keyUsing service account keys to authenticate a service account is generally discouraged on Google Cloud, but sometimes difficult to avoid. The most common way to use service account keys is to create a new key by using the Cloud Console or gcloud, but you can also upload existing keys, including CryptoAPI-based keys. Continue »
The hidden danger of forgetting to specify %SystemRoot% in a custom environment blockWhen spawning a process using CreateProcess and friends, the child process usually inherits the environment (i.e. all environment variables) of the spawning process. Of course, this behavior can be overridden by creating a custom environment block and passing it to the lpEnvironment parameter of CreateProcess. While the MSDN documentation on CreateProcess does contain a remark saying that current directory information (=C: and friends) should be included in such a custom environment block, it does not mention the importance of SystemRoot. Continue »