Using Windows 7, JDK 6 (and 7).

I'm trying to get personal certificates stored in Windows MSCAPI key store and it's basic properties (in order to use private key for signing). However some aliases are identified not having private key (isKeyEntry == false) although it acctually has one.

Any suggestions how to deal with this "feature"?

The P12 file with certificate (already revoked) & private key having this weird "property" can be downloaded from http://download.upce.cz/terena-public.pfx. Password is "password".

KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
ks.load(null, null);
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
    String alias = (String) aliases.nextElement();
    X509CertImpl certificate = (X509CertImpl)ks.getCertificate(alias);
    System.out.println("Alias: " + alias);
    System.out.println("  Subject: " + certificate.getSubjectDN());
    System.out.println("  Issued By: " + certificate.getIssuerDN());
    if (ks.isKeyEntry(alias)) {
        System.out.println("  Has private key");
    }
}

I imported your pfx-file into Mozilla Thunderbird and exported it as p12-file. Now I can see it through MSCAPI. There must be something in the original certificate that prevents MSCAPI to see the private key.

I compared the files and I noticed that in the original file the Key Usage section is used.

Original pfx:

Bag Attributes
   localKeyID: 01 00 00 00
   friendlyName: le-b6311e84-87e7-4e02-9cf6-4012518e0541
   Microsoft CSP Name: Microsoft Software Key Storage Provider
Key Attributes
   X509v3 Key Usage: 90

Converted p12:

Bag Attributes
   friendlyName: le-b6311e84-87e7-4e02-9cf6-4012518e0541
   localKeyID: 47 E4 D3 F0 75 48 9D 77 07 E9 51 A4 F1 B6 DF E9 40 80 26 7A
Key Attributes: <No Attributes>

There are more differences in the two files, but I'm not sure which one causes the unwanted behaviour.