2.17 Retrieving A Server's Private Key

There are two separate ways to retrieve a server’s private key. The first method is to retrieve a server’s private key securely wrapped in the server’s storage key. In this form, the key has been cryptographically protected from disclosure and can only be unwrapped and used by NICI running on the server.

The second way to retrieve a server’s private key is to get a NICI handle to the key. Your NICI-enabled application can then use the key through that handle.

  1. Call NPKIGetWrappedServerKey to retrieve the server’s private key securely wrapped in the server’s storage key.

  2. Call NPKIGetHandleToServerKey to get a NICI handle to the server’s private key.

For a sample implementation of this task, see GetServerKey.