I am trying to use WinCrypt APIs to extract private key for a certificate installed in Windows Certificate Store. The certificate is installed in LocalMachine - "My" store and by default the "Enable Strong Private Key protection" is greyed out (as expected). I am unable to export private key for the certificate from Local Machine store. When I try using powershell commands, I am able to export certificate with private key but I am seeing the confirmation dialog pop up that usually comes if "Enable Strong Private Key protection" is checked. But this does not seem right for a Local Machine store. Can someone shed light on the same? Is there a way to Enable Strong Private Key protection even for Local Machine store also?
Finally identified the issue to be related to permission of the Machine Key folder. Updated permission to "Full Control" to "Everyone" and now am able to get the private key without any issue. Refer: https://learn.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2008/bb909654(v=vs.90)?redirectedfrom=MSDN to know how to change Permissions.