<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<div dir="ltr">
<div></div>
<div style="">
<div>
<div dir="ltr">
<div dir="ltr" style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
Hello,</div>
<div dir="ltr" style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<br>
</div>
<div dir="ltr" style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
> <span style="caret-color: rgb(225, 225, 225); display: inline !important;">Correct, it does enable access to certificates and keys that require next (second) generation,<span> </span></span></div>
<div dir="ltr" style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<span style="caret-color: rgb(225, 225, 225); display: inline !important;"><span> </span></span></div>
<div dir="ltr" style="background-color: rgb(255, 255, 255); color: rgb(0, 0, 0);">
<font><span style="caret-color: rgb(225, 225, 225);">That’s strange, I am quite sure I tried CNG RSA and EC Keys after OpenJDK claimed to support it. So maybe there is more than one condition to it (or the handle just works transparently regardless of its type?)<span id="ms-outlook-ios-cursor"></span></span></font></div>
<div dir="ltr" style="background-color: rgb(255, 255, 255); color: rgb(0, 0, 0);">
<font><span style="caret-color: rgb(225, 225, 225);"><br>
</span></font></div>
<div dir="ltr" style="background-color: rgb(255, 255, 255); color: rgb(0, 0, 0);">
<font><span style="caret-color: rgb(225, 225, 225);">Gruss</span></font></div>
<div dir="ltr" style="background-color: rgb(255, 255, 255); color: rgb(0, 0, 0);">
<font><span style="caret-color: rgb(225, 225, 225);">Bernd</span></font></div>
</div>
</div>
<div id="ms-outlook-mobile-signature">
<div style="direction:ltr">-- </div>
<div style="direction:ltr">http://bernd.eckenfels.net</div>
</div>
</div>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>Von:</b> Mat Carter <notifications@github.com><br>
<b>Gesendet:</b> Wednesday, April 27, 2022 11:41:45 PM<br>
<b>An:</b> openjdk/jdk <jdk@noreply.github.com><br>
<b>Cc:</b> Bernd <ecki@zusammenkunft.net>; Comment <comment@noreply.github.com><br>
<b>Betreff:</b> Re: [openjdk/jdk] JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider (PR #8211)</font>
<div> </div>
</div>
<div>
<p></p>
<p><b>@macarte</b> commented on this pull request.</p>
<hr>
<p>In <a href="https://github.com/openjdk/jdk/pull/8211#discussion_r860267003">src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp</a>:</p>
<pre style="color:#555">> @@ -469,7 +484,7 @@ JNIEXPORT void JNICALL Java_sun_security_mscapi_CKeyStore_loadKeysOrCertificateC
PP("--------------------------");
// Check if private key available - client authentication certificate
// must have private key available.
- HCRYPTPROV hCryptProv = NULL;
+ HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv = NULL;
</pre>
<p dir="auto">Correct, it does enable access to certificates and keys that require next (second) generation, that were previously inaccessible. I've just realized the implication of this on existing applications and so I'm going to pause and run some test,
especially around enumeration</p>
<p style="font-size:small; color:#666">—<br>
Reply to this email directly, <a href="https://github.com/openjdk/jdk/pull/8211#discussion_r860267003">
view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AACYHWCQRJFOVR27JENO5A3VHGYBNANCNFSM5TIH5GZQ">
unsubscribe</a>.<br>
You are receiving this because you commented.<img src="https://github.com/notifications/beacon/AACYHWGD6KPI4Y7ABVQZ6HLVHGYBNA5CNFSM5TIH5GZ2YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOHD2NNMI.gif" height="1" width="1" alt=""><span style="color:transparent; font-size:0; display:none; visibility:hidden; overflow:hidden; opacity:0; width:0; height:0; max-width:0; max-height:0">Message
ID: <span><openjdk/jdk/pull/8211/review/955569841</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
</div>
</body>
</html>