michel gallant

The .NET Strong Name tool sn.exe has an option which allows
importing an sn-generated keypair into a named keycontainer under
CryptoAPI storage:
sn -i
However, that option does not raise the protected storage dialog if
you wish to further protect access to the keycontainer with a password,
and also imports the key as non-exportable.

Here is a short Pinvoke C# utility which extends sn -i functionality
by directly calling CryptImportKey on a snk file (which is an unencrypted
PRIVATEKEYBLOB) with options to raise the Data Protection dialog, and
marking the key as exportable:
http://pages.istar.ca/~neutron/ (Utility: "Importing .NET keyfiles into CryptoAPI").

- Michel Gallant
MVP Security