JDK-6318171 : Enable access to Microsoft CryptoAPI (CAPI) keystores and cryptographic operations
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 6
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2005-08-31
  • Updated: 2010-04-02
  • Resolved: 2005-09-16
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
6 betaFixed
The dominant (native) API for cryptographic operations on Windows is the Microsoft CryptoAPI (MS CAPI). Java applications currently have no way of accessing CAPI short of writing their own JNI wrappers.

This means Java applications can currently not:

 (1) access private keys and certificates stored in CAPI software providers.

 (2) access private keys and certificates stored in CAPI registered Smartcards. [Note that crypto Smartcard support is available in Tiger via PKCS#11, but this is not always available and may cause behavior somewhat different than other Windows applications]

 (3) utilize the Windows CAPI crypto algorithm implementations, which may be more heavily optimized than our own.

This feature will change that by implementing a new Java cryptography provider. It will implement the standard JCA/JCE APIs via corresponding CAPI calls. Because this provider plugs into the existing Java security framework, existing applications will benefit automatically and do not need to be changed.

EVALUATION Implement a JCE provider that enables access to CAPI functionality.