win-export-certificate-and-key
Access the Windows system certificate and key store.
This module is a native addon. It will only successfully work on Windows.
No prebuilt binaries are currently provided.
API
exportCertificateAndPrivateKey(opts?)
Export a certificate and its corresponding private key from the Windows CA store.
Valid options are:
subject
: Subject line of the certificate/key as a string.
thumbprint
: Thumbprint of the certificate/key as a Uint8Array.
Either subject
or thumbprint
must be provided.
store
: Optional Windows certificate store name. Default: MY
.
storeTypeList
: Optional array of Windows certificate store types
to try. Default: ['CERT_SYSTEM_STORE_LOCAL_MACHINE', 'CERT_SYSTEM_STORE_CURRENT_USER']
.
requirePrivKey
: Boolean. If set, the
REPORT_NO_PRIVATE_KEY | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY
flags will
be passed to the wincrypt API.
This function returns a single certificate (and by default its private key)
combination as a .pfx file, along with a random passphrase that has been
used for encrypting the file.
It will throw an exception if no relevant certificate could be found.
The certificate in question can be specified either through its subject line
string or its thumbprint.
exportSystemCertificates(opts?)
Export all system certificates (no private keys) matching the given
options.
Valid options are:
store
: Optional Windows certificate store name. Default: ROOT
.
storeTypeList
: Optional array of Windows certificate store types
to try. Default: ['CERT_SYSTEM_STORE_LOCAL_MACHINE', 'CERT_SYSTEM_STORE_CURRENT_USER']
.
This functions returns an array of PEM-formatted certificates.
Testing
You need to import testkeys\certificate.pfx
manually into your local
CA store in order for the tests to pass. Make sure to import that certificate
with the "exportable private key" option. The password for the file is pass
.