0

In this path: %APPDATA%\Roaming\Microsoft\Crypto\RSA

Keys are stored there but I can't make use of them. When I open them in a HEX EDITOR, I can only see parts of it, the remaining parts seems to be encrypted via CryptoAPI. How do I decrypt it?

Note: This key in particular was not created by an application I developed. I did some research and it seems CryptoAPI uses DPAPI to protect them. Any ideas?

Thanks!

user3462249
  • 21
  • 4

1 Answers1

0

You can look at the code at this site. They provide code to decrypt these certificates (which are used for EFS, among others). You do need the user password for Windows.

Henno Brandsma
  • 2,116
  • 11
  • 12
  • That site doesn't exist now. The associated code is here: https://bitbucket.org/jmichel/dpapick/src/default/ – Kramii Mar 18 '20 at 11:05