I'm adding a key pair (private key and certificate) to windows key store in java. I need to make private key not exportable. Java code which does this makes private key exportable. How can I change this?
I didn't find any properties or attributes in which this can be changed. Keystore.store method gets LoadStoreParameter but it looks like it's about setting password for private key.
PrivateKey privateKey=...;
Certificate certificate=...;
KeyStore keyStore = KeyStore.getInstance("Windows-MY");
keyStore.load(null);
keyStore.setKeyEntry("alias",privateKey,"".toCharArray(),new java.security.cert.Certificate[]{certificate});
Access to windows cryptographic services is managed by the SunMSCAPI provider. It provides a bridge between java JCE API and windows services. See documentation
The SunMSCAPI provider enables applications to use the standard JCA/JCE APIs to access the native cryptographic libraries, certificates stores and key containers on the Microsoft Windows platform. The SunMSCAPI provider itself does not contain cryptographic functionality, it is simply a conduit between the Java environment and the native cryptographic services on Windows.
The WINDOWS-MY keystore in SunMSCAPI uses the standard Java KeyStore API, and it does not define any type of "extractable" property, so I'm afraid you will not be able to establish it.