Adding permissions to a private key using PowerShell


Hi there!
Continuing series of posts about automating some things 🙂
Today’s post will be about private keys and adding needed permissions.

In cryptography, a private key (secret key) is a variable that is used with an algorithm to encrypt and decrypt code. Quality encryption always follows a fundamental rule: the algorithm doesn’t need to be kept secret, but the key does. Private keys play important roles in both symmetric and asymmetric cryptography.

Some of your applications need access to private keys, and I will show you how to grant it using PowerShell.

The main idea is that these private keys are stored in a folder as ordinary files, so we can set permissions on them as I described in the previous article, Adding permissions to folder using PowerShell.

So, the first step is to find the cert in the store. We can search for the cert by subject, thumbprint, or something else. Once we have the cert object, we need its UniqueKeyContainerName, which will be the file name.

All these files are stored in one folder: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys. Combining the file name and the folder gives us the path to the needed file. Now we can check whether this file has the needed permissions and, if not, add them:
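The steps above as an added example (not code from the original post). The thumbprint placeholder, the account name, the LocalMachine\My store and the Read-only right are assumptions; it also assumes a legacy CSP RSA key and an elevated session.

```powershell
# Added example. Assumed values: replace them with your own.
$thumbprint = '<CERT-THUMBPRINT>'                 # placeholder, not a real value
$account    = 'NT AUTHORITY\NETWORK SERVICE'      # hypothetical service identity
$rights     = [System.Security.AccessControl.FileSystemRights]::Read  # least privilege
$keyFolder  = 'C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys'

# 1. Find the cert in the store (here: by thumbprint, in LocalMachine\My).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert)               { throw "Certificate $thumbprint not found." }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key.' }

# 2. The unique container name is the key's file name.
#    Assumption: CSP key; a CNG key exposes no CspKeyContainerInfo.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if (-not $keyName) { throw 'No CSP key container name available for this key.' }

# 3. Build the path and make sure the file really exists.
$keyPath = Join-Path -Path $keyFolder -ChildPath $keyName
if (-not (Test-Path -LiteralPath $keyPath)) { throw "Key file not found: $keyPath" }

# 4. Resolve the account to a SID so the comparison does not depend on name format.
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
    [System.Security.Principal.SecurityIdentifier])

# 5. Check the existing ACL for an Allow rule that already covers the rights.
$acl = Get-Acl -LiteralPath $keyPath
$existing = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier]) |
    Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $rights) -eq $rights
    }

# 6. Add the rule only when it is missing, so reruns change nothing.
if ($existing) {
    Write-Output "$account already has $rights on $keyPath"
} else {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $rights, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyPath -AclObject $acl
    Write-Output "Granted $rights on $keyPath to $account"
}
```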

That’s it! Now you can automate more and more things 🙂

