Some certificates private keys in Windows-MY not detected

[亡魂溺海] submitted on 2019-12-06 14:14:06

Question


Using Windows 7, JDK 6 (and 7).

I'm trying to get personal certificates stored in the Windows MSCAPI key store and their basic properties (in order to use the private key for signing). However, some aliases are identified as not having a private key (isKeyEntry == false) although they actually have one.

Any suggestions how to deal with this "feature"?

The P12 file with certificate (already revoked) & private key having this weird "property" can be downloaded from http://download.upce.cz/terena-public.pfx. Password is "password".

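import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class ListWindowsMy {
    public static void main(String[] args) throws Exception {
        // Open the current user's personal store through the SunMSCAPI provider.
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null);
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            X509Certificate certificate = (X509Certificate) ks.getCertificate(alias);
            System.out.println("Alias: " + alias);
            System.out.println("  Subject: " + certificate.getSubjectDN());
            System.out.println("  Issued By: " + certificate.getIssuerDN());
            // For the affected entries this is false although a private key exists.
            if (ks.isKeyEntry(alias)) {
                System.out.println("  Has private key");
            }
        }
    }
}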

Answer 1:


I imported your pfx-file into Mozilla Thunderbird and exported it as a p12-file. Now I can see it through MSCAPI. There must be something in the original certificate that prevents MSCAPI from seeing the private key.

I compared the files and I noticed that in the original file the Key Usage section is used.

Original pfx:

Bag Attributes
   localKeyID: 01 00 00 00
   friendlyName: le-b6311e84-87e7-4e02-9cf6-4012518e0541
   Microsoft CSP Name: Microsoft Software Key Storage Provider
Key Attributes
   X509v3 Key Usage: 90

Converted p12:

Bag Attributes
   friendlyName: le-b6311e84-87e7-4e02-9cf6-4012518e0541
   localKeyID: 47 E4 D3 F0 75 48 9D 77 07 E9 51 A4 F1 B6 DF E9 40 80 26 7A
Key Attributes: <No Attributes>

There are more differences in the two files, but I'm not sure which one causes the unwanted behaviour.
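The comparison made in the answer above can be done mechanically. The following is an added example, not part of the original question or answer: it parses the two attribute dumps quoted in the answer and reports which bag and key attributes exist in only one file or differ between them. The function names are hypothetical, and the parser assumes the indented `name: value` layout shown in those dumps.

```python
import re

# Attribute dumps copied from the answer above.
ORIGINAL_PFX = """\
Bag Attributes
   localKeyID: 01 00 00 00
   friendlyName: le-b6311e84-87e7-4e02-9cf6-4012518e0541
   Microsoft CSP Name: Microsoft Software Key Storage Provider
Key Attributes
   X509v3 Key Usage: 90
"""
CONVERTED_P12 = """\
Bag Attributes
   friendlyName: le-b6311e84-87e7-4e02-9cf6-4012518e0541
   localKeyID: 47 E4 D3 F0 75 48 9D 77 07 E9 51 A4 F1 B6 DF E9 40 80 26 7A
Key Attributes: <No Attributes>
"""

SECTION = re.compile(r"^(Bag|Key) Attributes(?::\s*(.*))?$")

def parse_attributes(dump):
    """Return {(section, name): value} for every attribute in a dump."""
    attrs, section = {}, None
    for line in dump.splitlines():
        header = SECTION.match(line.strip())
        if header:
            section = header.group(1)  # "<No Attributes>" contributes nothing
            continue
        # Attributes are the indented "name: value" lines under a header.
        if section and line[:1].isspace() and ":" in line:
            name, value = line.strip().split(":", 1)
            attrs[(section, name.strip())] = value.strip()
    return attrs

def diff_attributes(first, second):
    """Classify attributes as only in first, only in second, or changed."""
    pa, pb = parse_attributes(first), parse_attributes(second)
    return {
        "only_first": sorted(k for k in pa if k not in pb),
        "only_second": sorted(k for k in pb if k not in pa),
        "changed": sorted(k for k in pa if k in pb and pa[k] != pb[k]),
    }

if __name__ == "__main__":
    for kind, keys in diff_attributes(ORIGINAL_PFX, CONVERTED_P12).items():
        for section, name in keys:
            print(f"{kind}: {section} / {name}")
```

On the two dumps from the answer, the CSP name and the key usage attribute appear only in the original file, and the localKeyID differs; the diff alone does not establish which of these makes the key invisible.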



Source: https://stackoverflow.com/questions/13652206/some-certificates-private-keys-in-windows-my-not-detected
