Java security - MSCAPI provider: How to use without password popup?

Question

I\'ve managed to use Sun\'s MSCAPI provider in my application. The problem I\'m having now is that it always pops up a window, asking for a password, even though I\'ve provi

Answer 1

I resolved this problem setting the provider as follow:

signeData = gen.generate(content, ks.getProvider());

Where

ks is a KeyStore and

genis a CMSSignedDataGenerator

Answer 2

My guess is that Windows is popping up the pop up.

Import your key again using the Certificate Import Wizard, but make sure that you don't check the following option on the "Password" screen.

[_] Enable strong private key protection. You will be prompted every time the private key is used by an application if you enable this option.

Answer 3

The MSCAPI provider does not support providing the password to CAPI:

A compatibility mode is supported for applications that assume a password must be supplied. It permits (but ignores) a non-null password. The mode is enabled by default. (1)

To set the password through CAPI, you must call CryptSetKeyParam with the undocumented KP_KEYEXCHANGE_PIN or KP_SIGNATURE_PIN and hope your underlying hardware token provider supports it. (They are not completely undocumented - the documentation for Windows CE and Windows Mobile mention them (2) and they are included in the header files).