static CryptoKeySecurity GetCspPrivateKeySecurity(SafeCertContextHandle certificate) { using (var cspHandle = CertificatePal.GetCspPrivateKey(certificate)) { var security = new CryptoKeySecurity(); security.SetSecurityDescriptorBinaryForm(CertificatePal.GetCspPrivateKeySecurity(cspHandle), AccessControlSections.Access); return(security); } }
internal static void SetAccessRuleOnKSPKey(CngKey key, string accountName, CryptoKeyRights keyAccessMask) { const string NCRYPT_SECURITY_DESCR_PROPERTY = "Security Descr"; const CngPropertyOptions DACL_SECURITY_INFORMATION = (CngPropertyOptions)4; // retrieve existing permissions var existingACL = key.GetProperty(NCRYPT_SECURITY_DESCR_PROPERTY, DACL_SECURITY_INFORMATION); // add new rule CryptoKeySecurity keySec = new CryptoKeySecurity(); keySec.SetSecurityDescriptorBinaryForm(existingACL.GetValue()); keySec.AddAccessRule(new CryptoKeyAccessRule(accountName, keyAccessMask, AccessControlType.Allow)); // put back CngProperty updatedACL = new CngProperty(existingACL.Name, keySec.GetSecurityDescriptorBinaryForm(), CngPropertyOptions.Persist | DACL_SECURITY_INFORMATION); key.SetProperty(updatedACL); }