Using WINDOWS-MY Keystore with JDK 1.4

Question

I have to access the Windows certificate store to access certificates for some signing purposes. Presently I'm using the following method to access the Keystore:

KeyStore personalKS = KeyStore.getInstance("Windows-MY");
personalKS.load(null, null);

This works fine with JDK1.6 and fulfills all my requirements. However, due to "unavoidable configuration and legacy issues" (lets just leave it at that) I have to port the code to make it JDK 1.4 compatible at compile time. The issue I'm facing on running it on 1.4 is that it is not able to find the WINDOWS-MY Keystore:

java.security.KeyStoreException: Windows-MY not found

I think it should run okay when run on JRE1.6 while compiled at 1.4. Still, can anybody confirm if this KeyStore thing is just a runtime dependency? Also, is there any other third party provider that I can use that provides support for the WINDOWS-MY KeyStore at JDK1.4 level?

Answer 1

It is a runtime dependency in the sense that the keystore implementation are within Java cryptography providers. Providers themselves are simply present within .jar files. There is however a catch: providers need to be signed, and they need to be signed for the correct runtime. Since 1.5 the same signature seems to be OK for later runtimes as well, but that is certainly not the case for 1.4.

The support for Windows key stores is relatively new. I haven't heard of it before 1.6. It would be very tricky to create a provider that would do this in 1.4, so I would not hold my breath. It would be infinitely easier (from a development standpoint) to replace the signing process by a Windows specific one, that's for sure.