[英]Retrieving private key from USB EV certificate
I'm trying to use PowerShell to extract a private key from a certificate stored in the personal store.我正在尝试使用 PowerShell 从存储在个人存储中的证书中提取私钥。 This is an EV Code signing certificate that came with the key on a USB device.
这是一个 EV 代码签名证书,随 USB 设备上的密钥一起提供。
Most of the tools I've found seem related to Local Machine certificates and are not working, and I hit on the steps in this post: https://hope.mx/2019/recovering-a-certificate-where-the-private-key-is-marked-as-non-exportable/我发现的大多数工具似乎都与本地机器证书有关并且不起作用,我点击了这篇文章中的步骤: https ://hope.mx/2019/recovering-a-certificate-where-the-private -key-is-marked-as-non-exportable/
I tried to use those steps:我尝试使用这些步骤:
PS Cert:\CurrentUser\My> $a = Get-Item Cert:\CurrentUser\My\A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0
PS Cert:\CurrentUser\My> $a.PrivateKey.CspKeyContainerInfo
MachineKeyStore : False
ProviderName : eToken Base Cryptographic Provider
ProviderType : 1
KeyContainerName : te-cd6cd72c-da9c-4862-b02d-419e7ac19123
UniqueKeyContainerName : te-cd6cd72c-da9c-4862-b02d-419e7ac19123
KeyNumber : Exchange
Exportable : False
HardwareDevice : True
Removable : True
Accessible : True
Protected : True
CryptoKeySecurity :
RandomlyGenerated : False
It was my understanding that I should be able to find that file under C:\ProgramData\Microsoft\Crypto\RSA, but it is not there and in fact none of the files in the RSA directories even start with "te-"据我了解,我应该能够在 C:\ProgramData\Microsoft\Crypto\RSA 下找到该文件,但它不存在,实际上 RSA 目录中的文件都没有以“te-”开头
Does that value really represent the name of the private key file someplace in the system?该值是否真的代表系统中某个位置的私钥文件的名称? If so, where?
如果有,在哪里?
Does that value really represent the name of the private key file someplace in the system?
该值是否真的代表系统中某个位置的私钥文件的名称?
If so, where?
如果有,在哪里?
$a.Thumbprint
is the unique container where the key file is stored. $a.Thumbprint
是存储密钥文件的唯一容器。
This corresponds to %APPDATA%\Microsoft\SystemCertificates\My\Certificates
这对应于
%APPDATA%\Microsoft\SystemCertificates\My\Certificates
This should be a good start to what you're looking for.这应该是您正在寻找的一个好的开始。
#!/usr/bin/env powershell
$a = Get-Item -Path Cert:\CurrentUser\My\10EDAD11F3A6F39FBA5E38A2480D96979D33ABD0
$thumb = $a.Thumbprint
$path = "$env:APPDATA/Microsoft/SystemCertificates/My/Certificates/" + $thumb
Write-Output -InputObject $path
Test-Path -Path $path
& "$env:windir/system32/certutil.exe" $path
I've taken some info from here.我从这里获取了一些信息。
It is a token (hardware device) that was built to protect the private key - which means it shall not be exported.它是为保护私钥而构建的令牌(硬件设备)——这意味着它不应被导出。 Sorry to say: You cannot.
很抱歉地说:你不能。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.