Extract private key from pfx file or certificate store WITHOUT using OpenSSL on Windows

后端未结

关注

 5  2363

As the title suggests I would like to export my private key without using OpenSSL or any other third party tool. If I need a .cer file or .pfx file I c

相关标签:

5条回答

孤城傲影

2021-02-19 09:17

If I understand correctly certutil should do it for you.

certutil -exportPFX -p "ThePasswordToKeyonPFXFile" my [serialNumberOfCert] [fileNameOfPFx]

0 讨论(0)
发布评论:

提交评论
- 加载中...
傲寒

2021-02-19 09:19
The Key, when exportable, can be exported using several APIs to several formats. The most common would be PKCS#8 (industry standard) and XML (MSFT properitary afaik).

Have a look at these answers:
- Export CngKey in PKCS8 with encryption c#
- C# (.NET) RSACryptoServiceProvider import/export x509 public key blob and PKCS8 private key blob
- Convert RSACryptoServiceProvider RSA XML key to PKCS8
- RSACng and CngKeyBlobFormat import and export formats
0 讨论(0)
发布评论:

提交评论
- 加载中...

孤街浪徒

2021-02-19 09:26

Try something like this:

$mypwd = ConvertTo-SecureString -String "MyPassword" -Force -AsPlainText
$mypfx = Get-PfxData -FilePath C:\Users\oscar\Desktop\localhost.pfx -Password $mypwd
Export-PfxCertificate -PFXData $mypfx -FilePath C:\Users\oscar\Desktop\localhost.pfx -Password $NewPwd

0 讨论(0)

渐次进展

2021-02-19 09:31

Hm. Have you tried opening the cert store, and getting the private key that way? Pretty sure this will only work with RSA/DSA certs though.

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::My,"localmachine")
$store.Open("MaxAllowed")
$cert = $store.Certificates | ?{$_.subject -match "^CN=asdasd"}
$cert.PrivateKey.ToXmlString($false)
$store.Close()

0 讨论(0)

野性不改

2021-02-19 09:42
I had the same problem and solved it with the help of PSPKI Powershell module from PS Gallery. While I understand that you look for a solution that preferably uses some built in functionality in Windows, installing a module from PS Gallery might be acceptable. At least it was in my case.

First install the PSPKI module (I assume hat the PSGallery repository has already been set up):
```
Install-Module -Name PSPKI
```
The PSPKI module provides a Cmdlet Convert-PfxToPem which converts a pfx-file to a pem-file which contains the certificate and pirvate key as base64-encoded text:
```
Convert-PfxToPem -InputFile C:\path\to\pfx\file.pfx -Outputfile C:\path\to\pem\file.pem
```
Now, all we need to do is splitting the pem-file with some regex magic. For example, like this:
```
(Get-Content C:\path\to\pem\file.pem -Raw) -match "(?ms)(\s*((?<privatekey>-----BEGIN PRIVATE KEY-----.*?-
----END PRIVATE KEY-----)|(?<certificate>-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----))\s*){2}"

$Matches["privatekey"] | Set-Content "C:\path\to\key\file.pem"
$Matches["certificate"] | Set-Content "C:\path\to\certificate\file.pem"
```
0 讨论(0)
发布评论:

提交评论
- 加载中...