non-exportable private key that is stored in the Microsoft certificate store

suresh yella 0 Reputation points
2023-04-14T03:43:46.49+00:00

Is it possible to export a non-exportable private key that is stored in the Microsoft certificate store? Or can I transfer the private key to another Windows server using the registry, like export the key and then import the file in the registry, and after a successful import, will the public certificate contain the private key? If I make the private key non-exportable, how does Microsoft Windows protect it?

Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.

1 answer

  1. Akshay-MSFT 16,436 Reputation points Microsoft Employee
    2023-04-18T07:13:09.97+00:00

    @suresh yella

    Thank you for posting your query on Microsoft Q&A.

    From your description, I could understand that you are looking for a way to export a "non-exportable private key" from Azure Key Vault.

    As per Exportable and non-exportable keys

    Non-exportable: The policy used to create the certificate indicates the key is non-exportable. In this case, the private key isn't part of the value when it's retrieved as a secret.

    Since the private key isn't part of the secret, it can't be exported. Please do let me know if you have any further queries.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion works as per your business need. This will help us and others in the community as well.

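The behaviour described in the answer can be checked during an audit. The following is an added example, not part of the original thread or Microsoft's code: it compares the `key_props.exportable` flag of a Key Vault certificate policy with whether a PEM secret value actually carries a private key. It assumes the policy is in the JSON shape of the Key Vault certificate policy (`key_props`, `secret_props.contentType`); the function names and the sample data are hypothetical and constructed.

```python
import re

# PEM labels for private-key material: PKCS#8, encrypted PKCS#8, PKCS#1 RSA, SEC1 EC.
PRIVATE_KEY_PEM = re.compile(r"-----BEGIN (?:ENCRYPTED |RSA |EC )?PRIVATE KEY-----")

def audit_certificate(name, policy, secret_value):
    """Compare a certificate policy's exportable flag with the secret value's content."""
    exportable = policy.get("key_props", {}).get("exportable")
    content_type = policy.get("secret_props", {}).get("contentType")
    if content_type != "application/x-pem-file":
        # A PKCS#12 value needs a PFX parser; this example handles PEM only.
        return (name, "skipped", f"content type {content_type!r} not handled")
    has_key = bool(PRIVATE_KEY_PEM.search(secret_value))
    if exportable is None:
        return (name, "review", "policy has no key_props.exportable value")
    if exportable and has_key:
        return (name, "exportable", "private key is part of the secret value")
    if not exportable and not has_key:
        return (name, "non-exportable", "secret value holds the certificate only")
    return (name, "mismatch", f"exportable={exportable} but private key present={has_key}")

# Constructed sample data: placeholder PEM bodies, not real key or certificate material.
CERT = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"

def pem_policy(exportable):
    """Build a constructed policy fragment with only the fields the audit reads."""
    return {"key_props": {"exportable": exportable, "kty": "RSA", "key_size": 2048},
            "secret_props": {"contentType": "application/x-pem-file"}}

# Constructed certificate names; the third entry is a deliberate inconsistency.
SAMPLES = [
    ("web-frontend", pem_policy(True), KEY + CERT),
    ("code-signing", pem_policy(False), CERT),
    ("legacy-import", pem_policy(False), KEY + CERT),
]

def run_audit(samples=SAMPLES):
    """Return one (name, status, detail) tuple per sample."""
    return [audit_certificate(*s) for s in samples]

if __name__ == "__main__":
    for name, status, detail in run_audit():
        print(f"{name:15} {status:15} {detail}")
```

A "mismatch" result means the policy and the retrieved value disagree and the certificate should be reviewed by hand.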