Black Hat EU : Exporting Non-Exportable RSA Keys – By Jason Geffner
The private key is supposed to be private. It is what proves that the services and the certificate belong to each other. As an attacker you want to obtain this key in order to spoof the identity of the service.
When you import a certificate with private key or generate a private key via the Microsoft Crypto API (CAPI) you can mark it as non-exportable. But are these keys really non-exportable or is this just a GUI option to give administrators a false sense of security?
In order to find out how an attacker can export a non-exportable key RSA key, we need to dive into the CAPI calls.
Disassembling the CAPI functions shows that there are flags in memory that specify that the key is not exportable. It appears that these flags are stored on the same memory location and user the same function. And you can actually temper with this information and set these flags back to being exportable.
The situation is a bit different in the CAPI: Next generation (CNG). Again a disassembly of these functions shows that the CliCryptExportKey() via the c_SrvRpcCryptExportKey function get the private key from the KeyISO or KeyIsolation RPC service that is meant to isolate the RSA keys from the client memory.