RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation [v4]
Sean Mullan
mullan at openjdk.org
Thu Apr 11 11:37:46 UTC 2024
On Wed, 10 Apr 2024 13:09:37 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:
>> Yes it's self signed one.
>>
>> No it's not added to any other keystore. When I said "TrustedCertificateEntry" it's only because in a Java KeyStore an entry with only a certificate is called a TrustedCertificateEntry.
>>
>> So my concern is that inside Windows-MY-LOCALMACHINE, this entry actually contains a private key. But because of user privilege missing, the private key is not available and it shows as a certificate entry.
>
>> But because of user privilege missing, the private key is not available and it shows as a certificate entry.
>
> You can have applications that need a certificate (public key) only e.g. to verify signatures. This way you can use the same entry by both types of applications.
@rebarbora-mckvak I added the `release-note=yes` label to the JBS issue to indicate a release note is needed. Please follow the release note process at https://openjdk.org/guide/#release-notes and have someone (probably Weijun) review the release note. Thanks.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-2049496741
More information about the security-dev
mailing list