Current support for KeyStores on Windows is limited to the current user location [1]. There has been a previous request for local machine support [2] along with discussion in the security-dev mailing list [3]; further discussions have occurred on Stack Overflow in the past [4] and [5].

Using JNI you can access local machine locations, but then you are duplicating much of the existing native functionality; this also adds the requirement that developers need to know C/C++ and the Windows cryptography API.

Given the above, I propose that we add native support for local machine KeyStore locations.

Users can currently access two physical key stores (in the current user location):

    "Windows-MY": .Default
    "Windows-ROOT": .Default.LocalMachine, .SmartCard

Adding the local machine location opens up access to a further two physical key stores …

    "Windows-MY": .Default
    "Windows-ROOT": .Default.AuthRoot, .GroupPolicy, .Enterprise, .SmartCard

Please let me know if there are any existing efforts to bring this functionality to Java, or references to prior decisions on this subject.

Thanks in advance
Mat Carter

[1] https://docs.microsoft.com/en-us/windows/win32/seccrypto/system-store-locations
[2] https://bugs.openjdk.java.net/browse/JDK-6782021
[3] http://mail.openjdk.java.net/pipermail/security-dev/2018-August/017832.html
[4] https://stackoverflow.com/questions/70200603/accessing-windows-local-machine-certificates-from-a-windows-service-written-in-j
[5] https://stackoverflow.com/questions/3612962/access-local-machine-certificate-store-in-java
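For reference, an added example (not part of the message above, and not OpenJDK code) that inventories what the two existing KeyStore types expose. It assumes a Windows JDK that ships the SunMSCAPI provider; the class name is hypothetical. Both types open the current user location, which is the limitation the message describes.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical class name; lists the entries of the current-user stores.
public class ListWindowsStores {
    // The two KeyStore types named in the message.
    private static final String[] TYPES = {"Windows-MY", "Windows-ROOT"};

    public static void main(String[] args) throws Exception {
        for (String type : TYPES) {
            KeyStore ks;
            try {
                ks = KeyStore.getInstance(type);
            } catch (KeyStoreException e) {
                // No provider offers this type (for example on a non-Windows JDK).
                System.err.println(type + ": not available (" + e.getMessage() + ")");
                continue;
            }
            // These stores take no input stream and no password.
            ks.load(null, null);
            System.out.println("== " + type + " ==");
            for (String alias : Collections.list(ks.aliases())) {
                Certificate c = ks.getCertificate(alias);
                String subject = (c instanceof X509Certificate)
                        ? ((X509Certificate) c).getSubjectX500Principal().getName()
                        : "(no X.509 certificate)";
                // "key" marks entries with an associated private key,
                // "cert" marks certificate-only entries such as trust anchors.
                String kind = ks.isKeyEntry(alias) ? "key" : "cert";
                System.out.printf("%-4s %s  [%s]%n", kind, subject, alias);
            }
        }
    }
}
```

Run from a Windows service account, the output reflects that account's own store view, so certificates installed only in the local machine location will be missing from the "Windows-MY" listing.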