# capi `dpapi::capi` decrypts a CryptoAPI private key file. It has the following command line argument: * `/in`: the CAPI private key file. The location of the file is `C:\Users\AppData\Roaming\Microsoft\Crypto\RSA` * `/password`: the password to decrypt the capi key * `/masterkey`: the masterkey to use for decryption. It can be obtained through [`sekurlsa::dpapi`](https://tools.thehacker.recipes/mimikatz/modules/sekurlsa/dpapi). * `/unprotect`: display the decryption results on screen The following example was taken from Benjamin's [Decrypt EFS Files](https://github.com/gentilkiwi/mimikatz/wiki/howto-~-decrypt-EFS-files) guide: ``` mimikatz # dpapi::capi /in:"D:\\Users\\Gentil Kiwi\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-494464150-3436831043-1864828003-1001\\79e1ac78150e8bea8ad238e14d63145b_4f8e7ec6-a506-4d31-9d5a-1e4cbed4997b" /masterkey:f2c9ea33a990c865e985c496fb8915445895d80b **KEY (capi)** dwVersion : 00000002 - 2 dwUniqueNameLen : 00000025 - 37 dwSiPublicKeyLen : 00000000 - 0 dwSiPrivateKeyLen : 00000000 - 0 dwExPublicKeyLen : 0000011c - 284 dwExPrivateKeyLen : 0000064e - 1614 dwHashLen : 00000014 - 20 dwSiExportFlagLen : 00000000 - 0 dwExExportFlagLen : 000000fc - 252 pUniqueName : ffb75517-bc6c-4a40-8f8b-e2c555e30e34 pHash : 0000000000000000000000000000000000000000 pSiPublicKey : pSiPrivateKey : pSiExportFlag : pExPublicKey : 525341310801000000080000ff00000001000100bfab29f4eea58b2fa529dee347b2ba64355f80686faf45ea16abbb02d7e8b3f3af6ae1cb02e79425190fecfa7c24c870e51ac776e2849acc50e2f1287d593976d62bb104027b3a294a3aeef2749c411e59cc1d7def692c1c54eb5f6f60d65142221f1417c492e69976cf631653bd4a23528d286f0260ca5ee3bd54b396d985c6553f78be6310b7d10f0551a702fe514cedf6425136f3e3047dc7704f408fc43b5a10048769e84bfd57ce4f314291cc5136a31bc510e1c68789ba1db25508e67b3420fa520b2142a7ac0f7b93a1a44cf7af9f6809b23ebaf6a6c89edc72316c9d8ff11ec2089f2641bc8c798e172356f904883f94b04f0ee475af1bc43365a6ce0000000000000000 pExPrivateKey : **BLOB** dwVersion : 00000001 - 1 guidProvider : {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} dwMasterKeyVersion : 00000001 - 1 guidMasterKey : {1eccdbd2-4771-4360-8b19-9d6060a061dc} dwFlags : 00000000 - 0 () dwDescriptionLen : 0000002a - 42 szDescription : Clé privée CryptoAPI algCrypt : 00006610 - 26128 (CALG_AES_256) dwAlgCryptLen : 00000100 - 256 dwSaltLen : 00000020 - 32 pbSalt : 27e9175d0d9bbaa8987782036b5ae2e8174bf1817f5d962196a94b4621f028a5 dwHmacKeyLen : 00000000 - 0 pbHmackKey : algHash : 0000800e - 32782 (CALG_SHA_512) dwAlgHashLen : 00000200 - 512 dwHmac2KeyLen : 00000020 - 32 pbHmack2Key : 898f558b700ccffc1d2fe16ca62bce66dfe0b78e6d8e4c593e774a342decb2f8 dwDataLen : 00000550 - 1360 pbData : 1bfa381970e93ec34b71d3b5cd104671b28d14c841d921823cad030755cb16078e38ecc4a0deddb09c97439b162a5efaecd21c50851a3489f0ad804263bd4164d14bdff85936840568cf25369df824965367dd05ff3bb40d35be52fe8425029ee4b154bc3da2bdc65be0029490024047f9b573a74dc6d624f385acbbfcf754585a0267d5397e91005d3bf4fe98bc4c23b82dc06947d42f30066bc4505e968e6b4e953fecde6dc22ac0ec7da82f0c3f6fc4462f3ac1ab8c8211ae76d44a239c2eab91282c60d90e47bed61d893f6551579383ca3f01cc234d276a64e8b13e80f2b4667a31b2d8252654139434489addccdd033db72874b6ecb5d3fa6d4cae0446c3aca78cb4d018ff8b7155df00d35412bb105613cdb4972302e90f3f5c88a766047743c0b2c77619abef8832752ed2798e0a0cd8ac6ec090185f0ec71f2f6069e8d3e1967c033659e4debe474c2faec7d9db9cfca9abca3a2266407269a3ef895bb82495038da5e64fd0051c354a26db29c9ea6d9d9969535683845fe1cd50767e210e8c2d9a5cf56f37c8a34411901bc7d09c7c2188beb84014958580b2f00a634f35fac920759f4655ca3645020d85c8abfcc1323ca8d8d799d4fc9dd20f6e18c7c0735bd57f064da02e676f80bfbec52a32f0dbc0d2f28f7d0009c07ae52ebad0ce0607888d89379d487ed93c4f4e175284f5e9ef73b511f71b37bbe6fb5485122ada686c747207912a0287130f29e3e24b5f51c6def3e7cea71314fabc99db7755e50bb464d75eef100dd89d1e6807029bb8b183b077955d3c8cfb0ba9bd9af6c8855589abdad4704d6d4bd86e93a4dca914ebc44fd54231bc91e56e6f80e22152d20412cd94adc3c979b8c580f55536926c3842df388bcbf9cdf9c51983a6a8e6cb66f9baf09d520ffd6fcbacfa30ba53de0dab1c1bba2955bfa9a97b36866da8e743b1f6fc1cdce22e094fa196c0ab80ed2a5c8406d1cdf0ed87a882905416d96a64fc2c66eaae645d939da9fa32b9b54eec5b11bc3085adb261e4bc6f7a0ea23b18c176e8518aa5df0ffb630359a55fdc702e7c12f363eb6029c9b0b281be5e0494a198a821b47f3a19dea41c5cbf7d2e0b0df045718b3b9167176b9765c82217ebde800a574c488b3a957a352f9e3ba6c15117539a4a31863fff6e7495517779fbf68c8cb0f8bcae14fcfd57a6dacfcf18eab8a80ef6edf16b4fc14eb98eb40a09349983ae5953971ad105732e3a89f1a9b3968b988aa1be111b76264a725086017bdedfc1be76a50864759d13b3be4ce6cf14d52c8a007c04e1581de43ad926516a8bed90056246f0c45b9d285047035f35493ac7be08add32205aafa45c2aa811bcf1f528511f6d9cde8c6b001379e87b78bf124f98122a627381c3ad445788999c448375e4324c11f984aade3a124ada9f403488a5c5f4f0d255481e4d1fcd0250562fa3f2e89215cf6600d49cab22433a303e74e95fa913e50616b1b85097ad68c73015109b89d6cea9e374aa842d2f405f6966719cc8310df5861f6625cab1b56140832654e46563525349a893d8d6ac8476e0d1c2626e866395472d2019467b7027cc4d219895e255a168b8382f98eb025afbc4417fb9ed05c77f8267af47f2be04e8296909b1d713079002129b3b81c0474ffa01011e1d517bf3a88e858d231525a5b8493d9f197cbc765971d8d3baba6a2c37fe889e108f200d70061f2c7e32f506761167a35ca91fca4bf0f927b88465304822a72350f276c275ff0b1cd31e6403abe6b1bdc0864dd27b4fc7d9fffacce30bb52448362202a0fc7d3493259ae299af0c42845290833438d25e5b35f75d082a66751ef3ea6e00b40a9533d610cdf4376feeb296486de8f144af4bc8cff4b53cbd7626d0d917505b4f542024af5bc6aa353b5b1e781 dwSignLen : 00000040 - 64 pbSign : 0733e4242e0aee05a87aee456ade99ccedce27548f93b96d9d1a2c029ab6ef2afa8d1027680a9f92a380e82752dab06409f74d15d978a72920d99fabbf1f4377 pExExportFlag : **BLOB** dwVersion : 00000001 - 1 guidProvider : {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} dwMasterKeyVersion : 00000001 - 1 guidMasterKey : {1eccdbd2-4771-4360-8b19-9d6060a061dc} dwFlags : 00000000 - 0 () dwDescriptionLen : 00000018 - 24 szDescription : Export Flag algCrypt : 00006610 - 26128 (CALG_AES_256) dwAlgCryptLen : 00000100 - 256 dwSaltLen : 00000020 - 32 pbSalt : c23d0a88fe308d2f0172a4ebaad46f4485f4638739bc7488e3ad0f858f415b5a dwHmacKeyLen : 00000000 - 0 pbHmackKey : algHash : 0000800e - 32782 (CALG_SHA_512) dwAlgHashLen : 00000200 - 512 dwHmac2KeyLen : 00000020 - 32 pbHmack2Key : 05a72a929f5a7f5518887a7d082a2c7c25b444798c255d592e77b7b979e0360d dwDataLen : 00000010 - 16 pbData : 2097aff03cd998c4fd1faf2bca7fe6c4 dwSignLen : 00000040 - 64 pbSign : bfddd1ab8552bff9b642cb695d351635d302019238c77e0495eb1a558b4eabada2802d1e33a63e9829700eaa7913abb83c9598f9b97c87fed793f3bd4fb90be3 Decrypting AT_EXCHANGE Export flags: * masterkey : f2c9ea33a990c865e985c496fb8915445895d80b 01000000 Decrypting AT_EXCHANGE Private Key: * masterkey : f2c9ea33a990c865e985c496fb8915445895d80b 525341320801000000080000ff00000001000100bfab29f4eea58b2fa529dee347b2ba64355f80686faf45ea16abbb02d7e8b3f3af6ae1cb02e79425190fecfa7c24c870e51ac776e2849acc50e2f1287d593976d62bb104027b3a294a3aeef2749c411e59cc1d7def692c1c54eb5f6f60d65142221f1417c492e69976cf631653bd4a23528d286f0260ca5ee3bd54b396d985c6553f78be6310b7d10f0551a702fe514cedf6425136f3e3047dc7704f408fc43b5a10048769e84bfd57ce4f314291cc5136a31bc510e1c68789ba1db25508e67b3420fa520b2142a7ac0f7b93a1a44cf7af9f6809b23ebaf6a6c89edc72316c9d8ff11ec2089f2641bc8c798e172356f904883f94b04f0ee475af1bc43365a6ce000000000000000027fc60e13eca2e1299234c00916c6a864ca3c834da67c49c7cf181279d845c45b95640301157afc3380ed77911235caab0b6d0c02d2ea3b38a00b2c9771d2995423b33554d865f7b56e7965fcf070445f86316e35487350782343d9b39bc912eefc298b1bfa2a8c0beb9360bbf711df7502439558c4dedbd5e24b8a0498760da00000000a9da86a8ee9474160ac17038b65061c6e2babf5c830753b2eb03e754dff61d79732c440d0318050bc76eeb7c15c8f5401b91602cca636c358c8306b165f966812d0e099a7c46c03c0852898c5404905aba8de44d62c3e7c5e066e1a16bbe5ee8ab70611da9f981a27449b1868ed20acb3a160ae4b8ab40521e26b61981a540f2000000004741d7a3cd5111047fb9eb70190c63e17fd4fabf00527d6098504b7c207a358f4cc59704dc05964753388f79c6de3a28fad764c3d700b3598ad3030256c9e48a475c89c67a1bf1f4f8aed9995965686bd9ccdcb18524c81e8e3e2138c35681f0ee53ae50e04ffc69ddc5c353d5568d4cff136d59ab061f9ae81bdf5ffd6181c300000000e180076963015447b6853b2420831696489b2bb7c7ddc8dd7b72440d655680135ffc8a717a719c8e107a13e514ed987f54967c5d641c7a96ee4f2581ead14f0a078cd91ddcaceda36ce8db6cc2c6e805045b6e36e7c31d557b9cca8a9884e2184bb9d7f04a665011b087b5f09622ad0c0af0cb6032d534c9622f64738c3d3adb00000000dc93548eccf25667a764f15768798d05c64f9a551bf84269f4f09e28180769f43d7bb9c3abc7be149467034438e20ed0e5324a926f972916d6855641cf564a9a2ccd0ec4bde399e1243674fa8030fdf16bdb8434668e2725084ac740c484d4d8155bf814dd8720644f1a1259291f2cf9c24805d992fa18ecac1f4135c4baf39c00000000b95ec0bf840fe8cb4e7aa64139f753e0a8430ff0491a763e52871085a0b555bb96b2025685264b4631f36e75567fb460487a583c3aa3772daf402707e1b6f6a8e93d4f853a1f9f32cf147974a6c6fa225ac2a8f13fade5dd4bf6e5ddf0fc94e03a6c37e0c70f9de1d80be7f0407fc660f24ccf98e45201678a82b457be3431f180b6a719f1e350e8feb870317f1e2b2549f8d29ca9e5d805f82d6b59bc1977b2b8c57ad114d7d8d9a8476a1e7a81d4d9b6c070050134f44d406be1d69440ab43ecee1d4da4f6805a9afa6539bce166f8c13f775c1ce813ba24773d936396f1e100be85edb556586b1461e03a1b52fc05bb2683a57fbbdd2f0514f3b668f62f1600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Exportable key : YES Key size : 2048 Private export : OK - 'raw_exchange_capi_0_ffb75517-bc6c-4a40-8f8b-e2c555e30e34.pvk' ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://tools.thehacker.recipes/mimikatz/modules/dpapi/capi.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.