RFR 8213010: [cng] Supporting keys created with certmgr.exe
Weijun Wang
weijun.wang at oracle.com
Mon Dec 3 15:14:26 UTC 2018
Please review
https://cr.openjdk.java.net/~weijun/8213010/webrev.00/
A Windows keystore is now able to load EC keys and uses them in signing and verifying with SHA<n>withECDSA.
Not supported:
1. No EC KeyPairGenerator yet.
2. Cannot store an EC key (from SunEC) into a Windows keystore. I still haven't figured out how to call NCryptImportKey, NCryptCreatePersistedKey and CertAddCertificateContextToStore together correctly to associate an EC private key with a cert and store them.
3. SHA<n>withECDSAinP1363Format not supported, but it's easy to add them.
4. NONEwithECDSA not supported.
Currently I can only use certmgr.exe to import a pkcs12 file and then run a manual test with it. Therefore no automatic test is included. Like RSA support in SunMSCAPI, Signature::initSign only supports native keys. Signature::initVerify supports both native and SunEC keys. That said, since we do not have EC KeyPairGenerator yet you won't meet a real native EC public key.
Thanks
Max
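A sketch of the kind of manual check described in the message above, added here as an example; it is not code from the webrev or from the author. It assumes a Windows JDK build that includes this change, an EC entry already imported into the current user's store with certmgr.exe, and an alias passed on the command line (the class name and alias are hypothetical).

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;

public class WindowsEcSignCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java WindowsEcSignCheck <alias>");
            System.exit(2);
        }
        String alias = args[0]; // hypothetical: alias of the imported pkcs12 entry

        // "Windows-MY" is the current user's personal certificate store.
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no private key entry for alias " + alias);
        }
        PrivateKey priv = (PrivateKey) ks.getKey(alias, null); // native key handle
        Certificate cert = ks.getCertificate(alias);
        PublicKey pub = cert.getPublicKey(); // parsed from the X.509 certificate
        if (!"EC".equals(pub.getAlgorithm())) {
            throw new IllegalStateException("entry is not EC: " + pub.getAlgorithm());
        }

        byte[] data = "constructed test message".getBytes(StandardCharsets.UTF_8);

        // initSign only accepts native keys, so signing must go through SunMSCAPI.
        Signature signer = Signature.getInstance("SHA256withECDSA", "SunMSCAPI");
        signer.initSign(priv);
        signer.update(data);
        byte[] sig = signer.sign();

        // Verify with both providers; SunEC acts as an independent cross-check.
        for (String provider : new String[] {"SunMSCAPI", "SunEC"}) {
            boolean ok = verify(provider, pub, data, sig);
            data[0] ^= 1; // tamper with the message: verification must now fail
            boolean tampered = verify(provider, pub, data, sig);
            data[0] ^= 1; // restore the original message
            System.out.printf("%s: valid=%b tampered=%b%n", provider, ok, tampered);
            if (!ok || tampered) System.exit(1);
        }
    }

    static boolean verify(String provider, PublicKey pub, byte[] data, byte[] sig)
            throws Exception {
        Signature v = Signature.getInstance("SHA256withECDSA", provider);
        v.initVerify(pub);
        v.update(data);
        return v.verify(sig);
    }
}
```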