crypto::keys lists or exports key containers. It has the following command line arguments:

  • /provider: the legacy CryptoAPI provider (default: MS_ENHANCED_PROV)

  • /providertype: the legacy CryptoAPI provider type (default: PROV_RSA_FULL)

  • /cngprovider: the CNG provider (default: Microsoft Software Key Storage Provider)

  • /export: export all keys to PVK files

  • /silent: if user interaction is required, then abort

If needed, you can convert PVK files with: openssl rsa -inform pvk -in key.pvk -outform pem -out key.pem

mimikatz # crypto::keys /export
 * Store         : 'user'
 * Provider      : 'MS_ENHANCED_PROV' ('Microsoft Enhanced Cryptographic Provider v1.0')
 * Provider type : 'PROV_RSA_FULL' (1)
 * CNG Provider  : 'Microsoft Software Key Storage Provider'

CryptoAPI keys :

CNG keys :
    0. Microsoft Connected Devices Platform device certificate
        |Provider name : Microsoft Software Key Storage Provider
        |Implementation: NCRYPT_IMPL_SOFTWARE_FLAG ;
        Key Container  : Microsoft Connected Devices Platform device certificate
        Unique name    : de7cf8a7901d2ad13e5c67c29e5d1662_e4aad2d1-5ec0-4ea4-b259-65eda5bc47a8
        Algorithm      : ECDSA_P256
        Key size       : 256 (0x00000100)
        Exportable key : YES
        LSA isolation  : NO
        Private export : OK - 'user_cng_0_Microsoft Connected Devices Platform device'

Last updated