从不可导出的密钥容器中导出snk

Question

I have created a snk file using sn -k KeyFile.snk
I installed it on my test machine and signed a couple of files for use as a license file.
I exported the public key and embed it in my application in order to verify the license.

Now the problem is that i lost my Keyfile.snk and i want to install the key pair on a production server. I can't generate a new keypair since i have already issued licenses using the old keypair and the application is already installed on several customer's PCs.

I tried exporting it from my test machine's key container but it is set as non-exportable.
I used mimikatz to force an export. It worked, but it returned a .pvk file.
And now i'm stuck.

Any idea to how i should proceed?
Thank you.

Answer 1

I'm the author of mimikatz, don't you know that you can convert PVK with OpenSSL ?

http://blog.gentilkiwi.com/cryptographie/openssl-conversion-pvk-microsoft-privatekey-blob

You can also make a pfx/p12 with the public certificate (sn -p) and the converted PEM key :)

Answer 2

The .pvk format was often used for storing Authenticode(tm) private keys. It's a simple format and the Mono project has tools to read it. Mono also has tools to read and write .snk files.

However I don't recall any tool doing the conversion so you'll likely need to write a small piece of code to read the PVK and write it as an SNK (with an RSA instance in-between).

Everything you need exists inside the Mono.Security assembly that Mono provides (or that you can compile on your own).

Disclaimer: I'm the main author of the Mono code discussed above and it is all available under the MIT.X11 license