How do you set permissions on a certificate in the Windows Certificate Store through PowerShell 7?

Question

Every resource I've found so far, such as this question, boils down to:

Get the certificate as an X509Certificate2
Cast the PrivateKey property to RSACryptoServiceProvider
Do stuff involving CspKeyContainerInfo property on the private key

This works in PowerShell 5, but in PowerShell 7, the PrivateKey property is an RSACng, not an RSACryptoServiceProvider, and so step 2 doesn't work.

score 0 · Answer 1 · answered Aug 29 '22 at 21:35

0

FYI, PrivateKey was deprecated. You are now required to use the GetRSAPrivateKey extension method.

I cannot find any documentation, but it appears that .Net Framework used to return an RSA that also implemented RSACryptoServiceProvider which is where we could get the CspKeyContainerInfo, but now we are required to grab the key RSA derived type RSACng which is returned by the extension method. From here you can grab properties like the $cert.Key.UniqueName

answered Aug 29 '22 at 21:35

Matthew Asplund

11
3

Looking at the link provided, there is an answer that has a working Powershell implementation that runs on 7. – Matthew Asplund Aug 29 '22 at 21:38

How do you set permissions on a certificate in the Windows Certificate Store through PowerShell 7?

1 Answers1