How do I export an `non-extractable` certificate

[chenzhiguo]

I have a similar problem, https://security.stackexchange.com/questions/64323/export-non-extractable-private-key-from-keychain-on-os-x The difference is that my device is M1 Pro, macOS 13.1, and I have tried many things with no success, including 'chainbreaker'. So, I want to ask, do you support the above situation?

[skulldoggery]

I'm in a similar boat. Haven't tried Chainbreaker yet, but spinning up an old 10.5 OSX (Leopard) VM to attempt.to recover the private key. Later versions of OSX implement a protection bit when a certificate is imported that prevents export, just like Windows, but <10.5 doesn't perform this check.

[djrobx]

python3 -m chainbreaker --password --dump_private_keys

The extract functions did not work for me. It wrote binary files that were not valid DER files. But the base64 output in the "dump" format is valid, AND you can see the name that is associated with the key.

Convert that output to binary:

base64 -d -i input.n64 -o output.key

You can veirfy that you have a proper key and certificate match using instructions here: https://www.ssl247.com/knowledge-base/detail/how-do-i-verify-that-a-private-key-matches-a-certificate-openssl-1527076112539/ka03l0000015hscaay/

but add "-inform DER" to indicate binary format.