OK, the command is now certutil -v -p changeit -csp "Microsoft Software Key Storage Provider" -user -importpfx MY ks NoRoot,NoExport
Test still passes. Thanks, Max > On May 2, 2019, at 4:09 AM, Bernd Eckenfels <e...@zusammenkunft.net> wrote: > > Max, would it make sense to specify ` -csp "Microsoft Software Key Storage > Provider"` to make sure it stores the key in a CNG KSP? (I am not sure what > the default provider is). Also maybe make the key non-exportable to make sure > key-handles are actually used for the operations? > > Gruss > Bernd > > > -- > http://bernd.eckenfels.net > > Von: security-dev <security-dev-boun...@openjdk.java.net> im Auftrag von > Weijun Wang <weijun.w...@oracle.com> > Gesendet: Mittwoch, Mai 1, 2019 7:21 PM > An: security-dev@openjdk.java.net > Betreff: Re: RFR 8223063: Support CNG RSA keys > > It looks the Mach5 machines are Windows Server 2012 but mine is 2019. I > removed the "-f" option and everything looks fine now. > > --Max > > > On May 1, 2019, at 7:18 AM, Weijun Wang <weijun.w...@oracle.com> wrote: > > > > Please take a look at > > > > https://cr.openjdk.java.net/~weijun/8223063/webrev.00/ > > > > Unfortunately, although the new test I added succeeds on my own machine, > > the "certutil -importPFX" command inside always fail on Mach5 with > > > > Command line: [certutil -f -v -p changeit -user -importpfx MY ks NoRoot] > > A -- A-7626e24d-46df-4ba0-8880-9866bb1-01966 > > A -- A-7626e24d-46df-4ba0-8880-9866bb178ab6 > > CertUtil: -importPFX command FAILED: 0x80090029 (-2146893783 > > NTE_NOT_SUPPORTED) > > CertUtil: The requested operation is not supported. > > > > Maybe there is a permission issue. > > > > I'll study it for more, but If anyone of you can fix it I'll be very happy. > > > > Thanks, > > Max > > >
