Public certificate not displayed #217
Comments
Uh oh, already covered by #35
Unfortunately KSE doesn't even know that those entries exist, because it uses the Java keystore API (the first screenshot shows all the information that the keystore API provides). I could parse PKCS#12 files with BC's low level API and check if there are any possible incompatibilities and notify the user or maybe even fix them. But ...
That being said, if there is enough demand for this feature, I would implement it. So, everybody who wants this feature in KSE, just vote for it by giving this comment a thumbs up.
Regarding the number of thumbs-up on the previous post: The number of people who are affected by the PKCS12 JCE problem is most likely much higher than the number of thumbs-up responses would indicate because:
@jpstotz I am aware of the importance of this ticket and as I have already told you this will be addressed in the KSE release after the next together with other PKCS#12 related issues. This requires some work however and can't be just "fixed", at least not in KSE. Also keep in mind that this behaviour is consistent over all Java applications. If you use keytool to list the content of such a keystore, it will also tell you there is no content. If you use it for Tomcat's SSL configuration, it simply won't work. Of course you often can add BC and if you position it before the default Java PKCS#12 provider, then it will process those p12 files, but then again you have to know what the problem is and how to solve it. Or in other words: If KSE simply used the BC provider for p12 there would be loads of bug reports here complaining that the p12 files from KSE do not work in their Java application. And one last word for everyone that is affected by this: I understand that it seems easier and with a higher chance for success to create a ticket here, but as this is actually a problem in the Java runtime code, you should really consider adding a ticket in the Java Bug Database as well.
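The difference described in the comment above can be checked by loading the same file once with the JDK's default PKCS#12 provider and once with BouncyCastle. This is an added example, not code from KSE or from anyone in this thread; it assumes the BouncyCastle provider jar (bcprov) is on the classpath, and the class name `P12ProviderCompare` is made up for illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.util.Arrays;
import java.util.Collections;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

// Hypothetical diagnostic class, not part of KSE.
public class P12ProviderCompare {

    // Load the file with the given provider (null = highest-priority installed
    // provider, i.e. what keytool and most Java applications use) and print
    // what the keystore API reports. Returns the number of visible entries.
    static int dump(String path, char[] password, Provider provider) throws Exception {
        KeyStore ks = (provider == null)
                ? KeyStore.getInstance("PKCS12")
                : KeyStore.getInstance("PKCS12", provider);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        System.out.println(ks.getProvider().getName() + ": " + ks.size() + " entries");
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "key" : "certificate";
            System.out.println("  [" + kind + "] " + alias);
        }
        return ks.size();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java P12ProviderCompare <file.p12>");
            System.exit(2);
        }
        // Read the password interactively so it does not end up in shell history.
        char[] password = console.readPassword("Keystore password: ");
        int jdk = dump(args[0], password, null);
        // BouncyCastle is passed directly and is not registered globally,
        // so the provider order of the running JVM is left unchanged.
        int bc = dump(args[0], password, new BouncyCastleProvider());
        Arrays.fill(password, '\0');
        if (jdk < bc) {
            System.out.println("The default provider does not expose " + (bc - jdk)
                    + " entries that BouncyCastle reads from the same file.");
        }
    }
}
```

A file that shows 0 entries under the default provider and 1 or more under BouncyCastle is the case this issue describes, and the two listings make a concrete attachment for an upstream bug report.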
Thought I would point out that
@lhunath Portecle uses BouncyCastle KeyStore implementation: https://github.com/scop/portecle/blob/67456dc1729f28be03ab2079a329c585ad1d96df/src/main/net/sf/portecle/crypto/KeyStoreUtil.java#L91-L100 That the BouncyCastle implementation works I already mentioned here: #391 (comment)
@kaikramer I fully agree with you that these issues need to be fixed in the default Java PKCS#12 provider rather than in KSE, and the best place to discuss a resolution is in the Java Bug Database, however as non-developers/experts in this specific area it is a challenge for us to create accurate and topical bug reports there. I suspect you have a better grasp on the specifics, so perhaps if you can link to a bug upstream, I would certainly be happy to offer my support there.
@lhunath This might be easier than you think, because KSE behaves exactly like keytool. So you can simply say "I have a p12 file here with a certificate and keytool shows it as empty". Maybe with a concrete example:
By the way in the latest OpenSSL release 3.2 a new option for creating PKCS#12 files was added that makes them compatible with Java - but only for pure truststores (no private keys):
Example:
Describe the bug
Public certificate not shown in a PKCS12 keystore.
I'd rather not share the certificate, so maybe there is some obvious shortcoming of Java that I'm missing that stops Keystore Explorer from displaying certain types of public certificates?
I am ready to provide the details of the file, keystore, certificate.
To Reproduce
Steps to reproduce the behavior:
4a. Use Windows 10 dialog to import certificate - a new entry is imported
4b. Use a 3rd party app XCA to inspect the keystore - it does contain a single entry
Expected behavior
Either the certificate should be displayed, or the number of stored items must be non-zero.
Screenshots
Environment
Thank you.