Hello, > Correct, it does enable access to certificates and keys that require next > (second) generation,
That’s strange, I am quite sure I tried CNG RSA and EC Keys after OpenJDK claimed to support it. So maybe there is more than one condition to it (or the handle just works transparently regardless of its type?) Gruss Bernd -- http://bernd.eckenfels.net ________________________________ Von: Mat Carter <notificati...@github.com> Gesendet: Wednesday, April 27, 2022 11:41:45 PM An: openjdk/jdk <j...@noreply.github.com> Cc: Bernd <e...@zusammenkunft.net>; Comment <comm...@noreply.github.com> Betreff: Re: [openjdk/jdk] JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider (PR #8211) @macarte commented on this pull request. ________________________________ In src/jdk.crypto.mscapi/windows/native/libsunmscapi/security.cpp<https://github.com/openjdk/jdk/pull/8211#discussion_r860267003>: > @@ -469,7 +484,7 @@ JNIEXPORT void JNICALL > Java_sun_security_mscapi_CKeyStore_loadKeysOrCertificateC PP("--------------------------"); // Check if private key available - client authentication certificate // must have private key available. - HCRYPTPROV hCryptProv = NULL; + HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProv = NULL; Correct, it does enable access to certificates and keys that require next (second) generation, that were previously inaccessible. I've just realized the implication of this on existing applications and so I'm going to pause and run some test, especially around enumeration — Reply to this email directly, view it on GitHub<https://github.com/openjdk/jdk/pull/8211#discussion_r860267003>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AACYHWCQRJFOVR27JENO5A3VHGYBNANCNFSM5TIH5GZQ>. You are receiving this because you commented.Message ID: <openjdk/jdk/pull/8211/review/955569...@github.com>
