> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-3/key-extraction/trick-0197.md).

# Extract Private Key from PFX (Mimikatz)

***

Decode the potential base64-encoded PFX data:

```bash
cat cert-base64 | base64 -d > cert.pfx
```

Then, use `openssl` to extract the private key from the `.pfx` file. The password `mimikatz` is a common default used by Mimikatz when exporting certificates to PFX without specifying a custom password.

```bash
openssl pkcs12 -in cert.pfx -nocerts -nodes -password pass:mimikatz -out private.pem
```

To extract the private key from a .pfx file using `openssl`, the `pkcs12` utility is used. The `-in` option specifies the input PFX file. The `-nocerts` option ensures that only the private key is output, not the certificates. The `-out` option specifies the output file for the private key, typically in PEM format.

```bash
openssl pkcs12 -in certificate.pfx -nocerts -out private.pem
```

When extracting, you will be prompted for the import password for the PFX file. You can also remove the encryption from the private key in the output file by adding the `-nodes` option.

```bash
openssl pkcs12 -in certificate.pfx -nocerts -out private.pem -nodes
```

Using `-nodes` removes the DES-EDE3-CBC encryption from the private key, making it usable without a passphrase. If `-nodes` is not used, you will be prompted to set a new passphrase for the output private key file. The `-nodes` option ensures the private key is extracted without encryption, so you are not prompted for a password when using the key.
