Bug ID: JDK-8340661 Release Note: SunMSCAPI Provider Opens the Windows Local Computer Key Store in Read-Only Mode in Non-Elevated Processes

JDK-8340661 : Release Note: SunMSCAPI Provider Opens the Windows Local Computer Key Store in Read-Only Mode in Non-Elevated Processes

Type: Sub-task
Component: security-libs
Sub-Component: java.security
Affected Version:
11.0.29-oracle,17.0.17-oracle,21.0.9-oracle,24 11.0.29-oracle,17.0.17-oracle,21.0.9-oracle,24

Priority: P4
Status: Closed
Resolution: Delivered

Submitted: 2024-09-23
Updated: 2025-06-09
Resolved: 2024-12-05

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 17	JDK 21	JDK 24
11.0.29-oracleResolved	17.0.17-oracleResolved	21.0.9-oracleResolved	24Resolved

The Local Computer key store is accessed using the `CERT_STORE_MAXIMUM_ALLOWED_FLAG`. Since this store is typically managed by administrators for security reasons, processes are only given read-only access to specific private keys. By opening the store in read-only mode, non-elevated processes can now securely use these keys without requiring elevated permissions.

This release note is provided at https://github.com/openjdk/jdk/pull/16687#issuecomment-2354033793.

23-09-2024