RFR: JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider

Mat Carter duke at openjdk.java.net
Wed Apr 27 21:44:55 UTC 2022


On Wed, 27 Apr 2022 19:33:10 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp line 487:
>> 
>>> 485:             // Check if private key available - client authentication certificate
>>> 486:             // must have private key available.
>>> 487:             HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv = NULL;
>> 
>> It is not quite clear from the CSR: was this a bug (previous JDK-8026953 incomplete), or is that only a type cleanup and using ncrypt keys worked before? (In that case, does it need to be mentioned in the CSR?)
>
> Same question. Does a new type name automagically add support for CNG?

Correct, it does enable access to certificates and keys that require next (second) generation, that were previously inaccessible. I've just realized the implication of this on existing applications and so I'm going to pause and run some tests, especially around enumeration.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8211


