Accessing private key on Windows with SunMSCAPI (JDK 1.6u1)
I need to be able to generate PKCS7 signatures with certificates and private keys stored on Windows. I抳e tried to do that by using SunMSCAPI provider (JDK 1.6u1), but I haven抰 achieved the expected result. My program runs without errors and generates a signature, but the generated signature is invalid. All my private certificates and keys on the Windows repository are password protected, but when I run my program, there is no windows dialog asking for my key password. Is that normal?
Anyone can help me?
Thanks,
Juan Ram髇
[552 byte] By [
jrrubioa] at [2007-11-27 6:44:27]
# 1
You will not see a password pop-up, unless you create the pop-up yourself and prompt the user for it. Normally, you provide the password in the KeyStore.load() call. If you are prompting the user for the password (through the pop-up), then you would pass that into the ks.load() method.
# 2
Hi,
If I do this sample test, I don't nedd my own pop-up. The windows standard pop-up for certificate access appears. I don't need specify my password in the Keystore.getKey() call.
PrivateKey akey=(PrivateKey)_Keystore.getKey(vAlias, null);
try {
Signature sign = Signature.getInstance("SHA1withRSA", "SunMSCAPI");
sign.initSign(akey);
sign.update("Sample message".getBytes());
sign.sign(); // Windows password pop-up appears
} catch (Exception e) {
e.printStackTrace();
}
If I try to use the Cipher API instead the Signatue API, then no pop-up appears. I think my Provider for PKCS7 signture generation is using Cipher API instead Signature API.
PrivateKey akey=(PrivateKey)_Keystore.getKey(vAlias, null);
try {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding","SunMSCAPI");
cipher.init(Cipher.ENCRYPT_MODE, akey);
cipher.doFinal("kdkdkdkdkd".getBytes()); // No Windows password pop-up appears
} catch (Exception e) {
e.printStackTrace();
}
