<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ks_c_5601-1987">
</head>
<body>
<div>
<div>
<div>
<div style="direction: ltr;">Hello,</div>
<div><br>
</div>
<div style="direction: ltr;">What also should be mentioned is that the old CAPI clients cannot access CNG Keys. Which is especially a pity since only the new keys benefit from the cryptographic process isolation (not to mention the confusion that it's hard to see which provider hosts them)</div>
<div><br>
</div>
<div style="direction: ltr;">Regards</div>
<div style="direction: ltr;">Bernd</div>
</div>
<div><br>
</div>
<div class="ms-outlook-ios-signature">
<div style="direction: ltr;">-- </div>
<div style="direction: ltr;">http://bernd.eckenfels.net</div>
</div>
</div>
<div> </div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> on behalf of
<br>
<b>Sent:</b> Wednesday, August 8, 2018 12:35 PM<br>
<b>To:</b> Oddbjørn Kvalsund; security-dev@openjdk.java.net<br>
<b>Subject:</b> Re: JDK-6782021
<div> </div>
</font></div>
Vinnie is not working on security-libs any more and I think the JBS report should be marked as unassigned. If any contributors want to suggest a patch, then I think it can be reviewed on this list!<br>
<br>
regards,<br>
Sean.<br>
<br>
<div class="moz-cite-prefix">On 07/08/2018 06:36, Oddbjørn Kvalsund wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr"><span style="color:rgb(33,33,33); font-size:13px">Hi,</span>
<div style="color:rgb(33,33,33); font-size:13px"><br>
</div>
<div style="color:rgb(33,33,33); font-size:13px">I was just bit by this issue <a href="https://bugs.openjdk.java.net/browse/JDK-6782021" target="_blank">[JDK-6782021] It is not possible to read local computer certificates with the SunMSCAPI provider</a> and
from StackOverflow I notice that several other people (see [1][2][3]) have come across the same problem. Coming up on the 10th anniversary for this issue; any chance we'll see some love for it? Or at least a comment on the issue on what timeline to expect
and a list of workaround/alternative solutions for the meantime?</div>
<div style="color:rgb(33,33,33); font-size:13px"><br>
</div>
<div style="color:rgb(33,33,33); font-size:13px">Background: I'm working with a company having primarily Microsoft infrastructure and they have a routine where all Windows servers automatically receive new certificates/keys when the old ones expire. These certificates
are installed in the "Local Computer → Private" certificate store. They're quite fond of this system and hesitant to diverge from it, so my preferred option is to just "get with the program". To temporarily get around JDK-6782021 I created a small utility
[5] that intercepts the JDK's call to 'CertOpenSystemStore' [4] and presents a read-only virtual certificate store combining all certificates and keys from the "Current User" and "Local Computer" certificate stores, but this may have unexpected implications
that I've not yet uncovered, so I'd much prefer not having to do this. A more thorough solution would be to use the commercial Pheox JCAPI [6] product, but this is rather expensive and way overkill for what I (and most others, it seems) need.</div>
<div style="color:rgb(33,33,33); font-size:13px"><br>
</div>
<div style="color:rgb(33,33,33); font-size:13px">References:</div>
<div style="color:rgb(33,33,33); font-size:13px">[1] <a href="https://stackoverflow.com/questions/3612962/access-local-machine-certificate-store-in-java/51708360" target="_blank">https://stackoverflow.com/questions/3612962/access-local-machine-certificate-store-in-java/51708360</a><br>
</div>
<div style="color:rgb(33,33,33); font-size:13px">[2] <a href="https://stackoverflow.com/questions/51205158/access-windows-local-machine-personal-keystore-with-java-sunmscapi" target="_blank">https://stackoverflow.com/questions/51205158/access-windows-local-machine-personal-keystore-with-java-sunmscapi</a></div>
<div style="color:rgb(33,33,33); font-size:13px">[3] <a href="https://stackoverflow.com/questions/51193143/use-jna-to-get-local-machine-certificate" target="_blank">https://stackoverflow.com/questions/51193143/use-jna-to-get-local-machine-certificate</a></div>
<div style="color:rgb(33,33,33); font-size:13px">[4] <a href="http://hg.openjdk.java.net/jdk/jdk/file/tip/src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp" target="_blank">http://hg.openjdk.java.net/jdk/jdk/file/tip/src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp</a></div>
<div style="color:rgb(33,33,33); font-size:13px">[5] <a href="https://github.com/oddbjornkvalsund/wcsa" target="_blank">https://github.com/oddbjornkvalsund/wcsa</a></div>
<div style="color:rgb(33,33,33); font-size:13px">[6] <a href="https://pheox.com/products/jcapi/" target="_blank">https://pheox.com/products/jcapi/</a></div>
<div style="color:rgb(33,33,33); font-size:13px"><br>
</div>
<div style="color:rgb(33,33,33); font-size:13px">Best regards,</div>
<div style="color:rgb(33,33,33); font-size:13px">Oddbjørn Kvalsund</div>
</div>
</blockquote>
<br>
</div>
</body>
</html>