Experts, anyone know how to find certificates in keyusage that contains only KEY_ENCIPHERMENT ?
certutil -v -user -store my | findstr "Key.Encipherment,.Data.Encipherment.(30)"
credit to @josefz
I've manage filtered it correctly. so what i am doing now is to filter the certificates with key usage values that i wanted and use the serial number as part of the command require to export those certs. but it seems the syntax command i wrote here is incorrect. anyone could help? i struggling with the syntax. The flow suppose to be like for each serial number in cert key usage values do print the serial number on the export [serialnumber] PFX out
for /f "tokens=1,2 delims=:" %g in ('certutil -v -store my | findstr "Key.Encipherment,.Data.Encipherment.(30)"') do ( certutil -v -user -store %a "%h" | echo %a & certutil -v -user -store my | findstr "Serial.Number")
Next, the certificate serial number printed out in console should able to go directly to [serialnumber] and loop to export the PFXs until there is no serial number.
certutil -p password -exportPFX my [serialnumber] C:\cert.PFX