Is there a way to access the Windows local machine personal key storage with Java using SunMSCAPI?
Usually, you can use either WINDOWS-ROOT (which is roughly the equivalent of the trusted storage in Java) or WINDOWS-MY (which contains the personal certificates and is roughly equivalent to the key storage in Java) to retrieve certificates from the Windows certificate storage.
This works fine for users, but even when impersonating the SYSTEM user, I was not able to retrieve the local machine's personal certificates.
There exist some questions regarding this that use JNA (which I would like to avoid, especially since it seems to be complicated to retrieve the private key from there).
Also, someone used psexec to impersonate the SYSTEM user (using psexec -s). I also tried this, but have not been successful.
In the end, there is also an open bug in the Java Bug System.
If anyone has an idea on how to retrieve certificates from the local machine personal storage in Windows using Java, I would be grateful.
After fourteen years in the bug tracker, JDK-6782021 was finally fixed in Java 19 (Spring 2022). This means this is no longer an issue.
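Added example, not part of the original posts: on JDK 19 or later the JDK-6782021 fix exposes the machine store through the SunMSCAPI keystore type `Windows-MY-LOCALMACHINE`, which this sketch opens and enumerates. The class name and output format are assumptions made for illustration, and it assumes the process runs under an account that is allowed to read the local machine store.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class LocalMachineStore {

    // Keystore type registered by SunMSCAPI from JDK 19 on (the JDK-6782021 fix).
    // Earlier JDKs only offer Windows-MY / Windows-ROOT, which map to the current user.
    static final String MACHINE_MY = "Windows-MY-LOCALMACHINE";

    static KeyStore open(String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type, "SunMSCAPI");
        ks.load(null, null); // no stream and no password: Windows controls access
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        try {
            ks = open(MACHINE_MY);
        } catch (NoSuchProviderException e) {
            System.err.println("SunMSCAPI is not available (not a Windows JDK)");
            return;
        } catch (KeyStoreException e) {
            System.err.println(MACHINE_MY + " is unknown to this JDK ("
                    + Runtime.version() + "); JDK 19 or later is required");
            return;
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            X509Certificate x509 = (X509Certificate) cert;
            System.out.printf("%s%n  subject : %s%n  expires : %s%n  has key : %b%n",
                    alias, x509.getSubjectX500Principal().getName(),
                    x509.getNotAfter(), ks.isKeyEntry(alias));
            if (ks.isKeyEntry(alias)) {
                // The returned object is a handle; the key material stays in Windows.
                Key key = ks.getKey(alias, null);
                System.out.println("  key alg : "
                        + (key == null ? "unavailable" : key.getAlgorithm()));
            }
        }
    }
}
```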
Yes and no. You can use the wcsa utility, which will intercept JVM calls to the Windows Crypto API and let you access the local machine credentials. This is of course a hack around the real problem, JDK-6782021, which was reported ten years ago. But it does let you access the local machine certificates in a pretty painless way!
So yes, it is possible to access them, but no, it's not possible to access them using the plain Java API. You can access them using normal Java using the commercial product JCAPI, though, but for most uses the wcsa util is fine.
The OpenJDK maintainers are willing to take a patch, though, so maybe you can have a stab at fixing it using the code provided in the wcsa repo :)