Java security - MSCAPI provider: How to use without password popup?

Question

I've managed to use Sun's MSCAPI provider in my application. The problem I'm having now is that it always pops up a window, asking for a password, even though I've provided it in the code. This is a problem, because I need the cryptography functionality in a webservice.

Here's the code I have now:

String alias = "Alias to my PK";
char[] pass = "MyPassword".toCharArray();

KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, pass);
Provider p =  ks.getProvider();

Signature sig = Signature.getInstance("SHA1withRSA",p);
PrivateKey key = (PrivateKey) ks.getKey(alias, pass)

sig.initSign(key);
sig.update("Testing".getBytes());
sig.sign();

This is working great, but I get a popup asking for the password when the last line is run. How do I prevent that?

score 5 · Accepted Answer · answered Jan 30 '09 at 15:00

5

The MSCAPI provider does not support providing the password to CAPI:

A compatibility mode is supported for applications that assume a password must be supplied. It permits (but ignores) a non-null password. The mode is enabled by default. (1)

To set the password through CAPI, you must call CryptSetKeyParam with the undocumented KP_KEYEXCHANGE_PIN or KP_SIGNATURE_PIN and hope your underlying hardware token provider supports it. (They are not completely undocumented - the documentation for Windows CE and Windows Mobile mention them (2) and they are included in the header files).

answered Jan 30 '09 at 15:00

Rasmus Faber

48,631
24
141
189

1

I know this is a little old, but i need the exact same thing. Do you have an example of setting this to avoid the pin popup? – Rafael Colucci May 31 '11 at 17:50
I filled a ticket to allow the password to be provided programmatically to the SunMSCAPI KeyStore, https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8232240 – Jaime Hablutzel Oct 18 '19 at 03:47

score 0 · Answer 2 · answered Jan 30 '09 at 13:31

0

My guess is that Windows is popping up the pop up.

Import your key again using the Certificate Import Wizard, but make sure that you don't check the following option on the "Password" screen.

[_] Enable strong private key protection. You will be prompted every time the private key is used by an application if you enable this option.

answered Jan 30 '09 at 13:31

Hes Siemelink

459
2
4

1

Thanks for your answer, but I can't re-import the certificate because it's not a file but a hardware token that I'm using. – Sietse Jan 30 '09 at 13:37
I have empty password in Java code. When I insert token to USB for first time and run Java application, popup window from token middleware is displayed and private key is accesible. But when I run application second and more times, application freezes. I must remove and insert token again. – Libor B. Nov 04 '16 at 08:26

score -1 · Answer 3 · edited Apr 30 '14 at 18:42

-1

I resolved this problem setting the provider as follow:

signeData = gen.generate(content, ks.getProvider());

Where

ks is a KeyStore and

genis a CMSSignedDataGenerator

edited Apr 30 '14 at 18:42

ugo

2,705
2
30
34

answered Apr 30 '14 at 18:12

José Fernandez

1
1

Java security - MSCAPI provider: How to use without password popup?

3 Answers3

Linked