
I am trying to pull back the description property for a Windows certificate. It is not a standard x509 certificate property.

The only reference I have found is using capicom (How can I access Certificate ExtendedProperties using powershell?) which is now unsupported and won't help me anyway as I will be running this remotely.

Does anyone know any other method to access this property?

Thanks

  • It's stored with the certificate object in the registry (e.g., LocalMachine-cert HKLM:\SOFTWARE\Microsoft\SystemCertificates\MY\Certificates\). If you search for your certificate there, you'll see it in the binary blob property. No idea which object type actually renders that. – Adam Apr 25 '18 at 15:43
  • Convert the _documented_ [C# example here](https://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509extension.aspx) to PowerShell. – kuujinbo Apr 25 '18 at 15:45



Well, at the moment of posting, neither comment was correct or relevant in any way. Description is not part of the X.509 certificate object; it is a vendor-specific (Microsoft, in the current case) attached property. The property is attached via the certificate store and doesn't exist outside of it.

Neither PowerShell nor .NET offers a native way to read store-attached properties (though some things, like Friendly Name, are available) from a certificate. Instead, you need to call the CertGetCertificateContextProperty unmanaged function via P/Invoke:

$Cert = gi Cert:\CurrentUser\My\510F2809B505D9B32F167F6E71001B429CE801B8
# P/Invoke wrapper for the wincrypt.h function:
# BOOL CertGetCertificateContextProperty(PCCERT_CONTEXT pCertContext, DWORD dwPropId, void *pvData, DWORD *pcbData)
$signature = @"
[DllImport("Crypt32.dll", SetLastError = true, CharSet = CharSet.Auto)]
public static extern bool CertGetCertificateContextProperty(
    IntPtr pCertContext,
    uint dwPropId,
    Byte[] pvData,
    ref uint pcbData
);
"@
Add-Type -MemberDefinition $signature -Namespace PKI -Name Crypt32
[uint32]$pcbData = 0
# CERT_DESCRIPTION_PROP_ID from wincrypt.h
$CERT_DESCRIPTION_PROP_ID = 13
# First call with a null buffer: the function only reports the required size in $pcbData.
# If the function returns False, then the description is not specified.
if ([PKI.Crypt32]::CertGetCertificateContextProperty($Cert.Handle,$CERT_DESCRIPTION_PROP_ID,$null,[ref]$pcbData)) {
    # allocate a buffer to store the property value
    $pvData = New-Object byte[] -ArgumentList $pcbData
    # call the function again to write the actual data into the allocated buffer
    [void][PKI.Crypt32]::CertGetCertificateContextProperty($Cert.Handle,$CERT_DESCRIPTION_PROP_ID,$pvData,[ref]$pcbData)
    # Description is a null-terminated Unicode (UTF-16LE) string. The terminating NUL
    # has to be trimmed explicitly: TrimEnd() with no arguments only strips whitespace,
    # and U+0000 is not whitespace.
    $description = [Text.Encoding]::Unicode.GetString($pvData).TrimEnd([char]0)
}
Write-Host $description

Change the first line to the line you use to retrieve the certificate. The certificate object must be stored in the $cert variable.

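An added example, not part of the original answer: the same P/Invoke wrapped in a reusable function that reads any string-typed store-attached property (in wincrypt.h, 11 is CERT_FRIENDLY_NAME_PROP_ID and 13 is CERT_DESCRIPTION_PROP_ID), distinguishes "property not set" from a real failure via the last Win32 error, lists the values for a whole store, and, since the question says this will run remotely, ships the function to a remote host with Invoke-Command. The function name Get-CertContextProperty, the host name server01 and the thumbprint are placeholders of my own.

```powershell
function Get-CertContextProperty {
    <#
    .SYNOPSIS
      Reads a store-attached certificate property (Friendly Name, Description, ...)
      through CertGetCertificateContextProperty and returns it as a string.
      Returns $null when the property is not set on the certificate.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        # Property IDs from wincrypt.h: 11 = CERT_FRIENDLY_NAME_PROP_ID,
        # 13 = CERT_DESCRIPTION_PROP_ID. Both are stored as NUL-terminated UTF-16.
        [uint32]$PropertyId = 13
    )

    begin {
        # Compile the P/Invoke wrapper once per session: Add-Type refuses to
        # redefine an existing type with the same namespace and name.
        if (-not ('PKI.Crypt32' -as [type])) {
            Add-Type -Namespace PKI -Name Crypt32 -MemberDefinition @"
[DllImport("Crypt32.dll", SetLastError = true)]
public static extern bool CertGetCertificateContextProperty(
    IntPtr pCertContext, uint dwPropId, byte[] pvData, ref uint pcbData);
"@
        }
    }

    process {
        # First call with a null buffer only reports the required size.
        [uint32]$size = 0
        if (-not [PKI.Crypt32]::CertGetCertificateContextProperty($Certificate.Handle, $PropertyId, $null, [ref]$size)) {
            # CRYPT_E_NOT_FOUND (0x80092004) here means the property is simply not set.
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            Write-Verbose ('Property {0} not present on {1} (0x{2:X8})' -f $PropertyId, $Certificate.Thumbprint, $err)
            return $null
        }

        # Second call fills the buffer sized by the first one.
        $buffer = New-Object byte[] $size
        if (-not [PKI.Crypt32]::CertGetCertificateContextProperty($Certificate.Handle, $PropertyId, $buffer, [ref]$size)) {
            throw ('CertGetCertificateContextProperty failed with 0x{0:X8}' -f [Runtime.InteropServices.Marshal]::GetLastWin32Error())
        }

        # Strip the terminating NUL explicitly: TrimEnd() with no arguments only
        # removes whitespace, and U+0000 is not whitespace.
        [Text.Encoding]::Unicode.GetString($buffer, 0, [int]$size).TrimEnd([char]0)
    }
}

# Local use: description and friendly name of every certificate in a store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    [pscustomobject]@{
        Thumbprint   = $_.Thumbprint
        FriendlyName = Get-CertContextProperty -Certificate $_ -PropertyId 11
        Description  = Get-CertContextProperty -Certificate $_ -PropertyId 13
    }
}

# Remote use: the property lives in the remote machine's store, so the P/Invoke
# call has to run there. Ship the function definition along with the script block.
# 'server01' and the thumbprint are placeholders (assumed, not from the question).
$definition = "function Get-CertContextProperty { ${function:Get-CertContextProperty} }"
$thumbprint = '510F2809B505D9B32F167F6E71001B429CE801B8'
Invoke-Command -ComputerName server01 -ScriptBlock {
    . ([scriptblock]::Create($using:definition))
    $cert = Get-Item ('Cert:\LocalMachine\My\' + $using:thumbprint)
    Get-CertContextProperty -Certificate $cert -PropertyId 13
}
```

The remote branch needs WinRM enabled on the target and compiles the Add-Type wrapper there, so the Crypt32 call always runs against the store that actually holds the property; reading the property back over the wire from a serialized X509Certificate2 would not work, because the deserialized object has no store-bound context.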