Recently I was working on recovering data from dead (bricked PSU) Windows XP machine, which included some client certificates installed into IE 6. I plugged in a temporary PSU and tried to export the certificate, only to be told that "these certificates are marked as non-exportable, and thus the private key can not be exported".
I've done some searching around the intertubes, however the only advices I could find were related to pre-install scenarios (ie. there is apparently an option which you can check during the installation to avoid this situation).
My questions would be:
- Is this a real security measure? It seems to me that you can simply patch the verification logic in IE6 (or the CryptoAPI) and force the export of the certificate / private-key
- Is there a ready-made tool to do this? (for backup purposes for example)
Best Answer
Exporting private keys on certificates that have been marked non-exportable? Uh, how about a tool called Jailbreak...