Matthew Bongiovi had a discussion on Get-Credential and how it works. So useful, that I thought I'd cut/paste it here so that you and I can refer to it in future! See below:
The Get-Credential cmdlet generates the prompt using the CredUIPromptForCredentials function. The documentation for that function says:
“In the case of credentials other than UserName/Password, a marshaled format of the credential can be passed in. This string is created by calling CredMarshalCredential.”
For me, this is actually exactly what I want. However, for someone else looking to then decode that UserName string in the PSCredential, they can reverse the marshalling of that string into its struct, which is the CERT_CREDENTIAL_INFO struct. From that, they could collect the SHA-1 hash of the certificate.