William Bartholomew wrote: > 1. I couldn't run "sn.exe -k" to create a key pair, I received an > "Access is denied." error. So I used "runas" to execute sn as the local > administrator user and it successfully created the strong-name key pair. > ... > A Google Groups search reveals that this is caused by insufficient > permissions to the following directory:
> C:\Documents and Settings\All Users\Application > Data\Microsoft\Crypto\RSA\MachineKeys > Does anyone know what the correct permissions should be? And what if any > is the security implication of granting these permissions? I haven't had to do this, but I would speculate that you need Read/Write/Modify. The RSA classes use files under the aforementioned directory for key container storage. When you create a new key pair, which is what sn is doing, the system needs to write a file to the folder, which, in the case of sn -k, is ephemeral. So that's the reason you get an error running sn -k. The reason you get the access denied when compiling is that the system needs to use the key pair to sign the assembly. In order to do that, the key pair is read from the key file into a temporary container, backed by a temp file in the MachineKeys folder. -- Steve Johnson =================================== This list is hosted by DevelopMentorŪ http://www.develop.com Some .NET courses you may be interested in: NEW! Guerrilla ASP.NET, 17 May 2004, in Los Angeles http://www.develop.com/courses/gaspdotnetls View archives and manage your subscription(s) at http://discuss.develop.com
