You can decrypt or re-encrypt an encrypted core dump on your ESXi host by using the crypto-util CLI.

You can decrypt and examine the core dumps in the vm-support package yourself. Core dumps might contain sensitive information. Follow your organization's security and privacy policy to protect sensitive information, such as host keys.

For details about re-encrypting a core dump and other features of crypto-util, see the command-line help.
Note: crypto-util is for advanced users.


The ESXi host key that was used to encrypt the core dump must be available on the ESXi host that generated the core dump.


  1. Log directly in to the ESXi host on which the core dump occurred.
    If the ESXi host is in lockdown mode, or if SSH access is disabled, you might have to enable access first.
  2. Determine whether the core dump is encrypted.
    Option Description
    Monitor core dump
    crypto-util envelope describe
    zdump file
    crypto-util envelope describe --offset 4096 zdumpFile 
  3. Decrypt the core dump, depending on its type.
    Option Description
    Monitor core dump
    crypto-util envelope extract vmmcores
    zdump file
    crypto-util envelope extract --offset 4096 zdumpEncrypted zdumpUnencrypted