MS-Windows stores certificates and private keys in a registry-based certificate store, which is accessed by applications such as IE, Outlook Express, MS-Outlook and so on. MS CryptoAPI lets any Windows application access these certificates.
Java programs, on the other hand, must maintain their own certificate stores in separate files -- one for trusted CAs and one for personal certificates.
Wouldn't it be nice if Java programs running on Windows could access the default certificate store, saving the poor user the trouble of maintaining multiple stores and letting him/her work with the much nicer Windows CertMgr Wizards instead of the crappy keytool?
Well, this is now possible, at least in theory, through the Assembla JCE Provider, a JCE provider that exposes a number of MS CryptoAPI capabilities. The provider itself is a thin wrapper over the MS CryptoAPI.
I played with it a little bit. It comes with a good Windows-based installer. However, I had to manually copy the jar file into J2SDK_HOME\jre\lib\ext and modify the java.security file. Nice to see that the provider jar class is signed by the JCE Code Signing CA.
Once installed, using this from my very own JSTK was straightforward.
But before you rush to download, install and use the Assembla JCE provider, let me warn you that:
- Although Assembla is free to use, it is not open source.
- The MS CryptoAPI doesn't lend itself very well to the JCE API and it shows. Read the Assembla Javadocs for more details.
- It is not possible to extract the private key from a key entry.
- JSSE cannot use (at least in the version 1.21 that I played with) the KeyStore created by this provider.
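
The same idea through the standard KeyStore API, as an added example that is not from the original post or the Assembla distribution. It assumes the JDK's own SunMSCAPI provider (Windows only) and its Windows-ROOT and Windows-MY store types as stand-ins, because the Assembla provider name and KeyStore type are not given here. It lists both stores and reports whether each private key exposes an encoded form, which is the non-extractability caveat in the list above.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class WindowsStoreList {
    // Assumption: SunMSCAPI stands in for the Assembla provider, whose
    // provider name and KeyStore type do not appear in the post.
    static final String PROVIDER = "SunMSCAPI";

    public static void main(String[] args) throws Exception {
        Provider p = Security.getProvider(PROVIDER);
        if (p == null) {
            System.err.println(PROVIDER + " is not registered (not Windows, or removed from java.security)");
            return;
        }
        // Windows-ROOT holds trusted root CAs, Windows-MY the user's personal certificates.
        for (String type : new String[] {"Windows-ROOT", "Windows-MY"}) {
            KeyStore ks = KeyStore.getInstance(type, p);
            ks.load(null, null); // no file, no password: the OS store is opened directly
            System.out.println("== " + type + " ==");
            for (String alias : Collections.list(ks.aliases())) {
                describe(ks, alias);
            }
        }
    }

    static void describe(KeyStore ks, String alias) throws Exception {
        Certificate cert = ks.getCertificate(alias);
        if (cert instanceof X509Certificate) {
            X509Certificate c = (X509Certificate) cert;
            System.out.println(alias + " | " + c.getSubjectX500Principal().getName()
                    + " | expires " + c.getNotAfter());
        }
        if (ks.isKeyEntry(alias)) {
            // The key object is a handle into CryptoAPI: it can be passed to
            // Signature or Cipher, but a null getEncoded() means the key bytes
            // never reach the Java heap.
            Key k = ks.getKey(alias, null);
            boolean encoded = k != null && k.getEncoded() != null;
            System.out.println("    private key: " + (k == null ? "unavailable" : k.getAlgorithm())
                    + ", encoded form available: " + encoded);
        }
    }
}
```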