Find Private Key Tool (FindPrivateKey.exe)

Find Private Key Tool (FindPrivateKey.exe)


This command-line tool can be used to retrieve a private key from a certificate store. For example, FindPrivateKey.exe can be used to find the location and name of the private key file associated with a specific X.509 certificate in the certificate store.


The FindPrivateKey tool is shipped as a WCF sample. For more information about where to find the sample and how to build it, see

FindPrivateKey<storeName> <storeLocation> [{ {-n <subjectName>} | {-t <thumbprint>} } [-f | -d | -a]]

The following tables describe the arguments and the options that can be used with the Find Private Key tool (FindPrivateKey.exe).




Name of the certificate store.


The location of the certificate store.



/n <subjectName>

Specifies the subject name of the certificate.

/t <thumbprint>

Specifies the thumbprint of the certificate. Use Certmgr.exe to retrieve the thumbprint of the certificate.


Outputs the file name only.


Outputs the directory only.


Outputs the absolute file name.

The following command retrieves the private key for John Doe.

FindPrivateKey My CurrentUser -n "CN=John Doe"

The following command retrieves the private key for the local machine.

FindPrivateKey My LocalMachine -t "03 33 98 63 d0 47 e7 48 71 33 62 64 76 5c 4c 9d 42 1d 6b 52" –a
© 2016 Microsoft