RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation [v3]
rebarbora-mckvak
duke at openjdk.org
Tue Mar 19 15:32:24 UTC 2024
On Tue, 19 Mar 2024 15:23:39 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:
>> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>>
>> If the process does not have write permissions, the store is opened as read-only (instead of failing).
>>
>> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.
>
> rebarbora-mckvak has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains two commits:
>
> - 8313367: signHash finds a key in the local machine store
> - 8313367: Local Computer store is opened with max. allowed permissions
First, I am sorry I had to force-push the branch, because I accidentally clicked on some github UI and it merged `master` branch without asking for any confirmation.
I added another commit which fixes signing with some certificates. It seems it matters how the keys are imported in the local machine store and sometimes it means `signHash` is used and produced `Keyset does not exist` error.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-2007496748
More information about the security-dev
mailing list