Load Java KeyStore for one alias?

2019-03-29 19:56发布

Does anyone know if it is possible to load a KeyStore so that it only prompts for the password for the given alias?

Example:

In my key store i have two private keys: Alice's Encryption Certificate and Bob's Encryption Certificate.

When i load my key store:

keyStore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
keyStore.load(null);

I am prompted for both Alice's and Bob's key store password. Once they are entered i can use getKey("Alice's Encryption Certificate", null); to retrieve Alice's private key. My keys are protected by Entrust's Security Provider, it is who prompts me for the passwords upon loading the key store. If i do not enter Bob's password and try to get his key it will return null, which is fine, but i would like to avoid the password prompt.

Is it possible to somehow specify that i only want Alice's key before loading the key store so i am never prompted for Bob's password?

Thanks.

1条回答
成全新的幸福
2楼-- · 2019-03-29 20:33

We had the same issue and couldn't find a way to do it. Basically, you are asking if there is a way to load the keystore partially. It makes things more complicated that MSCAPI provider ignores any password you provide.

We get around the issue by storing only one key With MSCAPI keystore. It turns out this works better with the security model of Smartcard also.

查看更多
登录 后发表回答