RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation [v5]
Mat Carter
macarte at openjdk.org
Tue Oct 29 18:04:33 UTC 2024
On Tue, 29 Oct 2024 15:34:37 GMT, Mat Carter <macarte at openjdk.org> wrote:
>> @wangweij, please see the release note above.
>
>> @rebarbora-mckvak I've added the release note as https://bugs.openjdk.org/browse/JDK-8340661 last month.
>>
>> I didn't approve because of Mat's Aug 14 comment:
>>
>> > I think there's at least two issues that need to be addressed (see above comments)
>>
>> @macarte Is this still your current opinion?
>
> Yes I believe these are two potential issues that should at least be reviewed (the issues are outlined in the comments); IIRC they should be trivial to address
> @macarte that's a lot to read. Could you give a short summary of the issues?
>
> @wangweij
>
> > So my concern is that inside Windows-MY-LOCALMACHINE, this entry actually contains a private key. But because of user privilege missing, the private key is not available and it shows as a certificate entry.
>
> That's by design. When the user needs access to the private key, assign the proper permissions. Select the certificate in the MMC Certs snap-in -> right click -> All tasks -> Manage private keys -> give the user read permissions to the private key
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-2444986355
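
An added example, not part of the original thread or of the JDK patch under review: a small audit that lists how the current (non-elevated) Windows user sees each entry in the `Windows-MY-LOCALMACHINE` keystore discussed above. It assumes a JDK whose SunMSCAPI provider supports that keystore type; the class name and the `KEY` / `CERT-ONLY` labels are made up for this illustration.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

public class LocalMachineStoreAudit {

    // Keystore type named in the thread (assumption: the running JDK provides it).
    static final String STORE_TYPE = "Windows-MY-LOCALMACHINE";

    // Maps each alias to "KEY" (private key usable by this user) or
    // "CERT-ONLY" (only the certificate is visible to this user).
    static Map<String, String> classify(KeyStore ks) throws KeyStoreException {
        Map<String, String> result = new LinkedHashMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            result.put(alias, ks.isKeyEntry(alias) ? "KEY" : "CERT-ONLY");
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        try {
            ks = KeyStore.getInstance(STORE_TYPE);
        } catch (KeyStoreException e) {
            // Non-Windows platform or a JDK without this keystore type.
            System.err.println(STORE_TYPE + " is not available: " + e.getMessage());
            return;
        }
        ks.load(null, null); // Windows system stores take no stream and no password

        for (Map.Entry<String, String> entry : classify(ks).entrySet()) {
            Certificate cert = ks.getCertificate(entry.getKey());
            String subject = (cert instanceof X509Certificate)
                    ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                    : "(no X.509 certificate)";
            System.out.printf("%-9s %s  [%s]%n", entry.getValue(), entry.getKey(), subject);
        }
    }
}
```

An entry reported as `CERT-ONLY` that is expected to be usable for signing or TLS is a candidate for the private-key permission check described in the thread (MMC Certs snap-in, Manage private keys).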