Allow to open "Windows-ROOT" as special keystore

On Windows KSE allows to see the certificates of the currently logged-in user (similar to certmgr). This native user certificate store is also known as the "Windows-MY" keystore:

<img width="493" height="199" alt="Image" src="https://github.com/user-attachments/assets/6add488f-10a9-42c8-8458-c43b3e195f46" />

And in KSE's preferences window the Windows certificate store for trusted root certificates ("Windows-ROOT") can be selected as one of the sources for trust checks:

<img width="505" height="176" alt="Image" src="https://github.com/user-attachments/assets/aef648e7-b2c0-4b6c-bb47-f0e115f6ce73" />

To actually see the root certificates that are stored in Windows-ROOT one has to open a different application. KSE should be able to display the content of the Windows-ROOT keystore on its own.

Documentation of the relevant SunMSCAPI Provider:
https://docs.oracle.com/en/java/javase/17/security/oracle-providers.html#GUID-4F1737D6-1569-4340-B140-678C70E63CD5

There are four Windows keystores defined by the SunMSCAPI provider:
Windows-MY-CURRENTUSER (also known as Windows-MY)
Windows-ROOT-CURRENTUSER (also known as Windows-ROOT)
Windows-MY-LOCALMACHINE
Windows-ROOT-LOCALMACHINE

For this ticket the two "-LOCALMACHINE" variants are being ignored, but if there is demand, we might consider adding them as well.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow to open "Windows-ROOT" as special keystore #746

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Allow to open "Windows-ROOT" as special keystore #746

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions