RFR 8213010: [cng] Supporting keys created with certmgr.exe

Weijun Wang weijun.wang at oracle.com
Mon Dec 3 15:14:26 UTC 2018


Please review

 https://cr.openjdk.java.net/~weijun/8213010/webrev.00/

A Windows keystore is now able to load EC keys and uses them in signing and verifying with SHA<n>withECDSA.

Not supported:

1. No EC KeyPairGenerator yet.

2. Cannot store an EC key (from SunEC) into a Windows keystore. I still haven't figured out how to call NCryptImportKey, NCryptCreatePersistedKey and CertAddCertificateContextToStore together correctly to associate an EC private key with a cert and store them.

3. SHA<n>withECDSAinP1363Format not supported, but it's easy to add them.

4. NONEwithECDSA not supported.

Currently I can only use certmgr.exe to import a pkcs12 file and then run a manual test with it. Therefore no automatic test is included. Like RSA support in SunMSCAPI, Signature::initSign only supports native keys. Signature::initVerify supports both native and SunEC keys. That said, since we do not have EC KeyPairGenerator yet you won't meet a real native EC public key.

Thanks
Max
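
A sketch of the kind of manual check described above, added here as an example and not taken from the webrev or written by the author: it signs with the first EC key found in the Windows-MY store through SunMSCAPI, then verifies through both SunMSCAPI and SunEC. It assumes a Windows JDK that includes this change and an EC key already imported with certmgr.exe; the class name, message and helper are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Collections;

public class WindowsEcSignCheck {
    // Hypothetical helper: verify sig over msg with the named provider.
    static boolean verify(String provider, PublicKey pub, byte[] msg, byte[] sig)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withECDSA", provider);
        v.initVerify(pub);
        v.update(msg);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // "Windows-MY" is the current user's personal certificate store.
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);
        byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "constructed test messagE".getBytes(StandardCharsets.UTF_8);
        boolean found = false;

        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!ks.isKeyEntry(alias) || cert == null) continue;
            // The public key comes from the parsed certificate, so it is a
            // SunEC key, not a native one.
            PublicKey pub = cert.getPublicKey();
            if (!"EC".equals(pub.getAlgorithm())) continue;
            PrivateKey priv = (PrivateKey) ks.getKey(alias, null);
            if (priv == null) continue;   // certificate without a usable key
            found = true;

            // initSign only accepts the native key, so SunMSCAPI must sign.
            Signature signer = Signature.getInstance("SHA256withECDSA", "SunMSCAPI");
            signer.initSign(priv);
            signer.update(msg);
            byte[] sig = signer.sign();

            System.out.println(alias
                + ": SunMSCAPI verify=" + verify("SunMSCAPI", pub, msg, sig)
                + ", SunEC verify=" + verify("SunEC", pub, msg, sig)
                + ", tampered rejected=" + !verify("SunEC", pub, tampered, sig));
            break;
        }
        if (!found) System.out.println("No EC key entry found in Windows-MY");
    }
}
```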



