How to export non-exportable private key from store

Question

I need to export private key from Windows store. What should I do if the key is marked as non-exportable? I know that it is possible, program jailbreak can export this key.

Answer 1

Gentil Kiwi's answer is correct. He developed this mimikatz tool that is able to retrieve non-exportable private keys.

However, his instructions are outdated. You need:

1. Download the lastest release from https://github.com/gentilkiwi/mimikatz/releases

2. Run the cmd with admin rights in the same machine where the certificate was requested

3. Change to the mimikatz bin directory (Win32 or x64 version)

4. Run mimikatz

5. Follow the wiki instructions and the .pfx file (protected with password mimikatz) will be placed in the same folder of the mimikatz bin

mimikatz # crypto::capi
Local CryptoAPI patched

mimikatz # privilege::debug
Privilege '20' OK

mimikatz # crypto::cng
"KeyIso" service patched

mimikatz # crypto::certificates /systemstore:local_machine /store:my /export
* System Store : 'local_machine' (0x00020000)
* Store : 'my'

1. example.domain.local
        Key Container : example.domain.local
        Provider : Microsoft Software Key Storage Provider
        Type : CNG Key (0xffffffff)
        Exportable key : NO
        Key size : 2048
        Public export : OK - 'local_machine_my_0_example.domain.local.der'
        Private export : OK - 'local_machine_my_0_example.domain.local.pfx'