I need to export a private key from the Windows store. What should I do if the key is marked as non-exportable? I know that it is possible; the program jailbreak can export these keys.

To export the key I use Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(), which exports the key from (RSACryptoServiceProvider)cryptoProv.ExportParameters(true). I use the exported key in Org.BouncyCastle.Cms.CmsSignedDataGenerator for a CMS signature.

I need a solution for .NET, but any solution will be useful. Thank you.

A: 

There is no API that I am aware of to export Windows private keys that were marked "non-exportable" at their creation. There may be various hacks out there, but their details will probably change from one version of the system to another without warning.

GregS
+1  A: 

Maybe you can use "mimikatz" ( http://www.gentilkiwi.com/outils-s44-t-mimikatz.htm#bonus ); it can export non-exportable keys (and also orphan, protected, etc.)

Try it? ;)

Gentil Kiwi
Thank you. As I understand it, this utility only exports all keys from the store; if the store contains too many certificates, it takes a lot of time. Maybe I have not figured it out, but can you export a specific PFX certificate with this util? And how can I decode a *.pvk file in my program? I solved my problem by integrating RSACryptoServiceProvider into CmsSignedDataGenerator.
Gorf
This tool exports all keys AND the individual PFX of each certificate/key. Maybe I can adapt the code to select only a specified certificate (it is a forensic tool, not a utility ;)). For the PVK format, OpenSSL 1.x converts it without any problem :)
openssl rsa -inform pvk -in fichier.pvk -outform pem -out fichier.pem
Gentil Kiwi
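
The approach the asker settled on in the comments (producing the CMS signature with the key where it lives instead of exporting it), as an added example that is not code from this thread. It swaps BouncyCastle's CmsSignedDataGenerator for .NET's own System.Security.Cryptography.Pkcs.SignedCms; the class name, method names and thumbprint placeholder are assumptions.

```csharp
// Added example, not code from the thread. Needs a reference to System.Security
// (.NET Framework) or the System.Security.Cryptography.Pkcs package (.NET Core/5+).
using System;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class InPlaceCmsSigner // hypothetical name
{
    // Produces a detached CMS signature. The private key is used through its
    // provider handle; ExportParameters(true) is never called, so the
    // non-exportable flag does not get in the way.
    public static byte[] SignDetached(string thumbprint, byte[] content)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0 || !found[0].HasPrivateKey)
                throw new InvalidOperationException("No certificate with a private key for that thumbprint.");

            var cms = new SignedCms(new ContentInfo(content), true); // true = detached
            var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, found[0]);
            signer.IncludeOption = X509IncludeOption.EndCertOnly;
            cms.ComputeSignature(signer, true); // silent: fail instead of showing a PIN/consent prompt
            return cms.Encode();
        }
        finally { store.Close(); }
    }

    // Checks the signature over the content; pass false to also validate the chain.
    public static void Verify(byte[] content, byte[] signature, bool signatureOnly)
    {
        var cms = new SignedCms(new ContentInfo(content), true);
        cms.Decode(signature);
        cms.CheckSignature(signatureOnly); // throws CryptographicException on mismatch
    }

    static void Main()
    {
        const string thumbprint = "<THUMBPRINT-OF-YOUR-SIGNING-CERT>"; // placeholder
        byte[] data = Encoding.UTF8.GetBytes("constructed sample payload");
        byte[] sig = SignDetached(thumbprint, data);
        Verify(data, sig, true);
        Console.WriteLine("Detached CMS signature: {0} bytes, verified.", sig.Length);
    }
}
```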