RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation [v4]
Bernd
duke at openjdk.org
Sat Mar 23 00:14:25 UTC 2024
On Fri, 22 Mar 2024 22:25:47 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:
>> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>>
>> If the process does not have write permissions, the store is opened as read-only (instead of failing).
>>
>> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.
>
> rebarbora-mckvak has updated the pull request incrementally with one additional commit since the last revision:
>
> 8313367: signHash looks for a key in either user or machine store
Gm, Are those tests actually checking CAPI and CryptoNG providers? (Due to better key isolation the later one is much more interesting and might also be mandatory for some machine identity keys tied to platform security). Which Is the script which creates the keys, would like to take a look.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-2016205940
More information about the security-dev
mailing list