These operations are functional only on Microsoft Windows platforms. The Windows system native KeyStores are opened and similar visualising and editing actions can be performed on these KeyStores with some limitations:
Private Key Fields are not available for inspecting;
DSA and EC(DSA)/ECGOST3410 Key Pairs cannot be generated and neither imported;
EC(DSA)/ECGOST3410 Certificates cannot be imported for safety reasons;
Key Pairs cannot be exported or copied;
Private Keys cannot be exported;
Undo/Redo functionality is not available due to the fact that all the actions are persistent, no save is needed, and so, it is possible that the KeyStore gets modified from outside between undo and redo, and then the behavior may be unexpected.
Especially for the Root KeyStore a native confirmation dialog will also appear for editing actions. This is not under the control of CERTivity. It is advisable to do the same logical confirmation both in the CERTivity confirmation dialog as well as in the Windows native one. As these are the Operating System KeyStores take care when editing, especially for the Root CA KeyStore. For example when renaming a certificate entry (key pairs can not be renamed), there are 2 native pop-ups appearing: First to confirm deleting of the certificate, and the second to confirm the import of the certificate with the new alias. If on the delete dialog "YES" is selected and on the import dialog "NO" is selected, then the node gets deleted. There is no way to recover the node back.
Due to a JRE 1.6 64-bit distribution limitation opening the Windows KeyStores is not functional on Microsoft Windows 64-bits Releases. JRE 1.7 resolves this issue, as well as using a 32-bit distribution of JRE 1.6.
The Windows-ROOT KeyStore contains all root CA certificates trusted by the machine.
In order to open the Windows Root KeyStore, click on Menu File > Open > Open Windows Root CA
KeyStore
. A new tab will be opened containing the
Windows Root KeyStore entries.
Native confirmation dialogs will be displayed upon, adding, deleting.
If you want to add an entry, but the current KeyStore already contains an entry with the same SHA1 fingerprint, you will have to choose to overwrite the old entry or not because Windows Root CA KeyStore do not allow more entries with the same content. The operating system, will ask for a confirmation of deleting the entry from the Root Store and also a Security Warning from the operating system will be displayed, informing about the installing of a new entry.
This operation is functional only on Microsoft Windows platforms.
In order to open Windows User KeyStore, click on Menu File > Open > Open Windows User
KeyStore
. A new tab will be opened containing the
Windows User KeyStore entries.
Due to a JRE 1.6 64-bit distribution limitation opening the Windows KeyStores is not functional on Microsoft Windows 64-bits Releases. JRE 1.7 resolves this issue, as well as using a 32-bit distribution of JRE 1.6. For this reason the bundled CERTivity setup is using the 32-bit distribution of JRE 1.7.