Implementation of KeyPairGenerator JCA Interface
chris.trufan
Visitor

Joined: Nov 10, 2011
Messages: 3
Offline

An implementation of the JCE KeyPairGenerator would add a lot of power/security to JCAPI - the ability to generate a key pair entirely within the Microsoft cryptographic store, so that it could be referenced by a JCAPIRSAPrivateKey handle without the private key ever having to leave MS CAPI.

This would be particularly useful if coupled with the ability to update an existing key/certificate pair with a new certificate but the same key (the JCA specifications for KeyStore.setKeyEntry theoretically support this; the biggest complication here would probably be the difference between JCE aliases and MS-CAPI friendly names, and how they respectively deal with collisions).

[Note: Java's built-in "SunMSCAPI" provider does already support KeyPairGenerator, but the provider doesn't support many other JCA features, so you still end up having to export the key to do much useful with it. Depending on how the KeyPair references work in SunMSCAPI, a JCAPI KeyFactory implementation capable of converting SunMSCAPI handles to JCAPIRSAPrivateKey handles could provide similar end functionality - I'm not sure Oracle exposes enough of SunMSCAPI to do that without having to export the key first, though]
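
The following is an added example, not part of the original post and not JCAPI code: it generates an RSA key pair through the SunMSCAPI KeyPairGenerator mentioned in the note above and shows that the private key is used through the provider as a handle rather than as exported bytes. It assumes a Windows JRE where the SunMSCAPI provider is installed; the class name `MsCapiKeyPairDemo` and the sample message are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;

// Added illustration (hypothetical class name). Runs only on a Windows JRE,
// because the SunMSCAPI provider wraps the Microsoft CryptoAPI.
public class MsCapiKeyPairDemo {
    public static void main(String[] args) throws Exception {
        // Key generation happens inside MS CAPI; Java receives handle objects.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "SunMSCAPI");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        PrivateKey priv = kp.getPrivate();

        // SunMSCAPI private keys are expected to offer no encoded form through
        // JCA; the values are printed so this can be checked on the local JRE.
        System.out.println("private key class:    " + priv.getClass().getName());
        System.out.println("private key format:   " + priv.getFormat());
        System.out.println("encoded form present: " + (priv.getEncoded() != null));

        // Constructed sample input for the signing round trip.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Signing is delegated to the provider that owns the key handle.
        Signature signer = Signature.getInstance("SHA256withRSA", "SunMSCAPI");
        signer.initSign(priv);
        signer.update(msg);
        byte[] sig = signer.sign();

        // Verify with the matching public key from the same key pair.
        Signature verifier = Signature.getInstance("SHA256withRSA", "SunMSCAPI");
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        System.out.println("signature verifies:   " + verifier.verify(sig));
    }
}
```

A key pair generated this way is not yet bound to a certificate or alias in a Windows key store; that step is the KeyStore.setKeyEntry question raised in the post.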
tommy
Pheox Support

Joined: May 30, 2005
Messages: 148
Offline

Hi Chris,

A key pair generator is already on our top list together with CNG support and some other utility features.
The biggest problem right now is actually to decide where it should be deployed i.e. in a minor release or together with CNG support in a major release of JCAPI.
But I can tell you that it will come.

Thanks for your constructive input. It's much appreciated.

Regards,
Tommy