Extract private key from pfx file or certificate store WITHOUT using OpenSSL on Windows
I had the same problem and solved it with the help of PSPKI Powershell module from PS Gallery. While I understand that you look for a solution that preferably uses some built in functionality in Windows, installing a module from PS Gallery might be acceptable. At least it was in my case.
First install the PSPKI module (I assume hat the PSGallery repository has already been set up):
Install-Module -Name PSPKIThe PSPKI module provides a Cmdlet Convert-PfxToPem which converts a pfx-file to a pem-file which contains the certificate and pirvate key as base64-encoded text:
Convert-PfxToPem -InputFile C:\path\to\pfx\file.pfx -Outputfile C:\path\to\pem\file.pemNow, all we need to do is splitting the pem-file with some regex magic. For example, like this:
(Get-Content C:\path\to\pem\file.pem -Raw) -match "(?ms)(\s*((?<privatekey>-----BEGIN PRIVATE KEY-----.*?-----END PRIVATE KEY-----)|(?<certificate>-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----))\s*){2}"$Matches["privatekey"] | Set-Content "C:\path\to\key\file.pem"$Matches["certificate"] | Set-Content "C:\path\to\certificate\file.pem"
If I understand correctly certutil should do it for you.
certutil -exportPFX -p "ThePasswordToKeyonPFXFile" my [serialNumberOfCert] [fileNameOfPFx]
The Key, when exportable, can be exported using several APIs to several formats. The most common would be PKCS#8 (industry standard) and XML (MSFT properitary afaik).
Have a look at these answers: