An implementation of the JCE KeyPairGenerator would add a lot of power/security to JCAPI - the ability to generate a key pair entirely within the Microsoft cryptographic store, so that it could be referenced by a JCAPIRSAPrivateKey handle without the private key ever having to leave MS CAPI.
This would be particularly useful if coupled with the ability to update an existing key/certificate pair with a new certificate but the same key (the JCA specifications for KeyStore.setKeyEntry theoretically support this; the biggest complication here would probably be the difference between JCE aliases and MS-CAPI friendly names, and how they respectively deal with collisions).
[Note: Java's built-in "SunMSCAPI" provider does already support KeyPairGenerator, but the provider doesn't support many other JCA features, so you still end up having to export the key to do much useful with it. Depending on how the KeyPair references work in SunMSCAPI, a JCAPI KeyFactory implementation capable of converting SunMSCAPI handles to JCAPIRSAPrivateKey handles could provide similar end functionality - I'm not sure Oracle exposes enough of SunMSCAPI to do that without having to export the key first, though.]