How to get Private Key from CSR?

Mar 21, 2013 at 11:57 PM
I used your tool to create a CSR, but did not check the export private key checkbox. I have since submitted the CSR and got back a certificate for my code, however I cannot use it in Visual Studio without a private key.

Is there anyway to get the private key from the CSR? If not, why allow the program to even create a CSR without also exporting the private key used to generate the CSR?

Thanks
-=Ry
Coordinator
Jun 22, 2013 at 8:43 PM
Hi Ry,

Sorry for late response, I have just noticed your message (Codeplex didn't notify me about it!).

By definition, a CSR contains only the public key with no possibility to get the private key from it, otherwise it will defeat all the purposes of PKI.

Even if you didn't check export private key, the private key is present on your PC : it is stored on Windows store and once you receive the certicate, you can associate it with the private using the import tool whose link is on the main page (http://www.idrix.fr/Root/Samples/ImportIDRIXCert.zip)

If you really need your private key to be present in a PFX file and you forgot to check the exportable checkbox, then there is a solution : just import the certificate to Windows Certificate store as I described above and then use my tool StoreExplorerPlus (http://www.idrix.fr/Root/Samples/StoreExplorerPlus.zip). This tool enables you to export software private key present on the Certificate Store even if they are not marked as exportable!

In order to implement this tool, I have use a known weakness in the way Windows protected non exportable private keys : if no password is set to protect a private key, then the key is not encrypted and it is possible through in-memory modification to recover it.
Image

I hope this will help.
Cheers,
--=
Mounir IDRASSI
IDRIX
http://www.idrix.fr