[英]Export snk from non-exportable key container
I have created a snk file using sn -k KeyFile.snk
我已经使用
sn -k KeyFile.snk
创建了一个snk文件
I installed it on my test machine and signed a couple of files for use as a license file. 我将其安装在测试计算机上,并签署了两个文件以用作许可证文件。
I exported the public key and embed it in my application in order to verify the license. 我导出了公钥并将其嵌入到我的应用程序中,以验证许可证。
Now the problem is that i lost my Keyfile.snk
and i want to install the key pair on a production server. 现在的问题是我丢失了
Keyfile.snk
并且想在生产服务器上安装密钥对。 I can't generate a new keypair since i have already issued licenses using the old keypair and the application is already installed on several customer's PCs. 我无法生成新的密钥对,因为我已经使用旧的密钥对颁发了许可证,并且该应用程序已经安装在多位客户的PC上。
I tried exporting it from my test machine's key container but it is set as non-exportable. 我尝试从测试机的密钥容器中导出它,但是将其设置为不可导出。
I used mimikatz to force an export. 我用mimikatz强制出口。 It worked, but it returned a .pvk file.
它可以工作,但是返回了一个.pvk文件。
And now i'm stuck. 现在我被困住了。
Any idea to how i should proceed? 任何想法,我应该如何进行?
Thank you. 谢谢。
I'm the author of mimikatz, don't you know that you can convert PVK with OpenSSL ? 我是mimikatz的作者,您不知道可以使用OpenSSL转换PVK吗?
http://blog.gentilkiwi.com/cryptographie/openssl-conversion-pvk-microsoft-privatekey-blob http://blog.gentilkiwi.com/cryptographie/openssl-conversion-pvk-microsoft-privatekey-blob
You can also make a pfx/p12 with the public certificate (sn -p) and the converted PEM key :) 您还可以使用公共证书(sn -p)和转换后的PEM密钥来创建pfx / p12 :)
The .pvk format was often used for storing Authenticode(tm) private keys. .pvk格式通常用于存储Authenticode(tm)私钥。 It's a simple format and the Mono project has tools to read it.
这是一种简单的格式,Mono项目具有读取它的工具。 Mono also has tools to read and write .snk files.
Mono还具有读取和写入.snk文件的工具。
However I don't recall any tool doing the conversion so you'll likely need to write a small piece of code to read the PVK and write it as an SNK (with an RSA instance in-between). 但是,我不记得有任何工具可以进行转换,因此您可能需要编写一小段代码来读取PVK并将其作为SNK编写(介于RSA实例之间)。
Everything you need exists inside the Mono.Security assembly that Mono provides (or that you can compile on your own). 您需要的所有内容都存在于Mono提供的Mono.Security程序集中 (或者您可以自己编译)。
Disclaimer: I'm the main author of the Mono code discussed above and it is all available under the MIT.X11 license 免责声明: 我是上面讨论的Mono代码的主要作者,所有代码都可以在MIT.X11许可下获得。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.