Decrypting SID-protected PFX Files Without Having a Password

Recently I started following a new blog available at CQURE Academy. Since it’s part of CQURE, I guess most of the blog posts will be security related. So far most of the content has been contributed by Paula Januszkiewicz. For those of you who haven’t heard her name before, you can check her bio at Paula Januszkiewicz.

Her latest blog post is “Decrypting SID-protected PFX Files Without Having a Password”.

If you work with Active Directory and Certificate Services, or simply use PFX files, and you want to know more about the implementation of SID-protected PFX files in recent versions of Windows, then this is definitely a must-read for you.

One simple tip she points out is how to retrieve the password of a SID-protected PFX file if you are on the “allow list”: a random password is always used, and it can be seen during the PFX import phase. You can save this password in your secure password database and use it “in case of…”.

More importantly, she demonstrates how to inspect SID-protected PFX files and how to decrypt them without being on the “allow list”.

To demonstrate this, she uses two tools created by CQURE:
– CQMasterKeyAD (retrieves the master key from AD)
– CQDPAPINGPFXDecrypter (gets the decrypted password from a PFX with a known master key)

For the inspection of the PFX file she uses ASN.1 Editor, written by Vadims Podāns (author of the PowerShell PKI Module).

She plans to show more details about this at Microsoft Ignite. If you’ll be there, be sure to attend her sessions. Those of us who are not so lucky will have to wait for the session recordings at Channel 9.
