Hello,
I'm looking into JCAPI as a solution to avoid having to export certs from MS stores and import them into JKS stores. I would like to get the certs directly from the MS stores from Java.
I managed in the past to get the certs I needed directly from the MS stores using SunMSCAPI, but these were certs created from a typical AD CS web server template using typical crypto.
However, I now need, as per my client's requirements, to get certs generated using modern crypto, specifically ECDH with SHA383. To test, I generated a cert via AD CS for my machine, moved it to my user store, exported it to a .pfx file and created a .jks file by importing this .pfx file.
I then created two test methods (see attached .zip file, a NetBeans project, containing the .pfx, .jks and Certificates.java files):
Method Certificates.Standard() uses standard JDK mechanisms to load keys from the .jks file. With this code, I manage to get a secured HTTPS connection using Chrome (which also confirms the connection uses "modern crypto").
Method Certificates.JCAPI() tries to do the same, but using JCAPI to get the cert directly from the MS store instead of the .jks file. Unfortunately, I get the following exception (BTW, note the grammatical error in the message):
java.security.NoSuchAlgorithmException: This key store instance do only support RSA and DSA keys.
    at com.pheox.jcapi.f.n(Unknown Source)
    at com.pheox.jcapi.JCAPIKeyStore.engineGetKey(Unknown Source)
    at java.security.KeyStore.getKey(KeyStore.java:1023)
    at sun.security.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:133)
    at sun.security.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:70)
    at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:256)
    at ca.logisphere.Certificates.JCAPI(Certificates.java:79)
    at ca.logisphere.Certificates.main(Certificates.java:14)
Am I doing something wrong? Is what I'm trying to do possible with JCAPI?
Thanks,
François
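An added diagnostic, not code from the attached project, for narrowing down where a Windows-store keystore fails: it assumes a Windows host and a JDK whose SunMSCAPI provider can hand back EC private keys from the Windows-MY store (the provider name is a parameter so JCAPI can be substituted). It walks every alias, reports the public-key algorithm, and calls KeyStore.getKey per alias, which is the same call that KeyManagerFactory.init made when the trace above was thrown, so a failing alias is identified before the whole factory initialization aborts.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;

public class WindowsStoreProbe {

    /** One line of the report: alias, algorithm of the certificate's public key,
     *  whether the provider returned the private key, and the error if it did not. */
    public static final class Probe {
        public final String alias, publicKeyAlg, error;
        public final boolean privateKeyLoadable;
        Probe(String alias, String alg, boolean ok, String err) {
            this.alias = alias; this.publicKeyAlg = alg; this.privateKeyLoadable = ok; this.error = err;
        }
    }

    /** Opens the given store through the given provider (assumed names, e.g. "Windows-MY" / "SunMSCAPI"). */
    public static KeyStore open(String storeType, String provider) throws Exception {
        KeyStore ks = KeyStore.getInstance(storeType, provider);
        ks.load(null, null); // MS-store providers read CAPI/CNG directly; no stream or password
        return ks;
    }

    /** Tries getKey on every alias; RSA/DSA-only providers fail here for EC entries. */
    public static List<Probe> probe(KeyStore ks) throws Exception {
        List<Probe> out = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            String alg = cert == null ? "none" : cert.getPublicKey().getAlgorithm();
            try {
                Key k = ks.getKey(alias, null); // password is ignored by SunMSCAPI
                out.add(new Probe(alias, alg, k != null, null));
            } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
                out.add(new Probe(alias, alg, false, e.getMessage()));
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = open(args.length > 0 ? args[0] : "Windows-MY", args.length > 1 ? args[1] : "SunMSCAPI");
        for (Probe p : probe(ks))
            System.out.printf("%-40s %-3s loadable=%b %s%n", p.alias, p.publicKeyAlg,
                    p.privateKeyLoadable, p.error == null ? "" : "(" + p.error + ")");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, null); // same step that threw in the JCAPI trace; succeeds only if every alias loaded
        System.out.println("KeyManagerFactory initialised with " + kmf.getKeyManagers().length + " manager(s)");
    }
}
```

If an EC entry shows loadable=false under one provider but true under another, the limitation is in that provider's key-store implementation rather than in the certificate or the store.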