堆栈内存溢出
  简体   繁体   English

从 USB EV 证书中检索私钥

[英]Retrieving private key from USB EV certificate

 原文  2022-05-26 13:28:55       powershell/ certificate/ code-signing/ cryptoapi/ pfx

问题描述

I'm trying to use PowerShell to extract a private key from a certificate stored in the personal store.我正在尝试使用 PowerShell 从存储在个人存储中的证书中提取私钥。 This is an EV Code signing certificate that came with the key on a USB device.这是一个 EV 代码签名证书,随 USB 设备上的密钥一起提供。

Most of the tools I've found seem related to Local Machine certificates and are not working, and I hit on the steps in this post: https://hope.mx/2019/recovering-a-certificate-where-the-private-key-is-marked-as-non-exportable/我发现的大多数工具似乎都与本地机器证书有关并且不起作用,我点击了这篇文章中的步骤: https ://hope.mx/2019/recovering-a-certificate-where-the-private -key-is-marked-as-non-exportable/

I tried to use those steps:我尝试使用这些步骤:

PS Cert:\CurrentUser\My> $a = Get-Item Cert:\CurrentUser\My\A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0

PS Cert:\CurrentUser\My> $a.PrivateKey.CspKeyContainerInfo


MachineKeyStore        : False
ProviderName           : eToken Base Cryptographic Provider
ProviderType           : 1
KeyContainerName       : te-cd6cd72c-da9c-4862-b02d-419e7ac19123
UniqueKeyContainerName : te-cd6cd72c-da9c-4862-b02d-419e7ac19123
KeyNumber              : Exchange
Exportable             : False
HardwareDevice         : True
Removable              : True
Accessible             : True
Protected              : True
CryptoKeySecurity      :
RandomlyGenerated      : False

It was my understanding that I should be able to find that file under C:\ProgramData\Microsoft\Crypto\RSA, but it is not there and in fact none of the files in the RSA directories even start with "te-"据我了解,我应该能够在 C:\ProgramData\Microsoft\Crypto\RSA 下找到该文件,但它不存在,实际上 RSA 目录中的文件都没有以“te-”开头

Does that value really represent the name of the private key file someplace in the system?该值是否真的代表系统中某个位置的私钥文件的名称? If so, where?如果有,在哪里?

2 个解决方案

解决方案1
 0  2022-05-26 16:44:22

Does that value really represent the name of the private key file someplace in the system?该值是否真的代表系统中某个位置的私钥文件的名称?

Yes是的

If so, where?如果有,在哪里?

$a.Thumbprint is the unique container where the key file is stored. $a.Thumbprint是存储密钥文件的唯一容器。

This corresponds to %APPDATA%\Microsoft\SystemCertificates\My\Certificates这对应于%APPDATA%\Microsoft\SystemCertificates\My\Certificates

This should be a good start to what you're looking for.这应该是您正在寻找的一个好的开始。

    #!/usr/bin/env powershell
$a = Get-Item -Path Cert:\CurrentUser\My\10EDAD11F3A6F39FBA5E38A2480D96979D33ABD0

$thumb = $a.Thumbprint
$path = "$env:APPDATA/Microsoft/SystemCertificates/My/Certificates/" + $thumb
Write-Output -InputObject $path
Test-Path -Path $path
& "$env:windir/system32/certutil.exe" $path

I've taken some info from here.我从这里获取了一些信息。

解决方案2
 0  2022-06-07 12:00:21

It is a token (hardware device) that was built to protect the private key - which means it shall not be exported.它是为保护私钥而构建的令牌(硬件设备)——这意味着它不应被导出。 Sorry to say: You cannot.很抱歉地说:你不能。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用私钥导入证书 - Importing Certificate with private key 将 SSL 证书从 Azure 密钥保管库检索到 Azure 应用服务 - Retrieving SSL certificate from Azure key vault to Azure app service Azure Key Vault 下载带有私钥的证书 - Azure Key Vault download certificate with private key KeyVault 生成的带有可导出私钥的证书 - KeyVault generated certificate with exportable private key 从 pfx 文件或证书存储中提取私钥,而无需在 Windows 上使用 OpenSSL - Extract private key from pfx file or certificate store WITHOUT using OpenSSL on Windows 如何使用 powershell 向用户授予证书私钥的权限? - How to Grant permission to user on Certificate private key using powershell? 使用 PowerShell 导出带有私钥的证书,包括路径中的所有证书 - Export Certificate with private key including all certificates in path using powershell Powershell 生成的自签名证书不包含私钥 - Powershell Generated Self Signed Certificate Doesn't Include Private Key SSL证书请求过程中何时生成私钥? - When is the private key generated in the SSL certificate request process? Powershell电子邮件格式并从证书主题中检索CN - Powershell Email format and retrieving CN from Certificate subject
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM