Private keys in Microsoft Management Console (mmc) not deleted correctly


I have stumbled across a very weird behavior of mmc in the context of Windows-My. Steps to reproduce:

  • Import a certificate with its respective private key into mmc. In my case I imported a .p12 file.
  • Delete the previously added entry.
  • Add the certificate to mmc (without the private key). In my case I imported a .pem file that contains exclusively the public key.
  • Execute the following Java code (I have used Java 17):
      KeyStore keyStore = KeyStore.getInstance("Windows-My", "SunMSCAPI");
      keyStore.load(null, null);
  • Refresh mmc and observe that the private key is again attached to the certificate, although it should have been deleted.

My question: Is this expected behavior? If so, why? If this is not expected behavior, then I assume it is a bug.

For convenience, here are the commands that I have used to create the certificate and the private key:

    openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
    openssl pkcs12 -export -out keystore.p12 -inkey key.pem -in cert.pem

There are 0 answers
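
A check for the state described in the question, added here as an example and not part of the original post: it loads the same Windows-My store through SunMSCAPI and reports, per certificate thumbprint, whether Java sees a private key attached. The class name `WindowsMyKeyAudit` and the optional thumbprint argument are assumptions of this example; because it loads the store itself, it shows the state after the step the question identifies as the trigger.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.HexFormat;
import java.util.LinkedHashMap;
import java.util.Map;

// Example class (hypothetical name). Requires Windows and Java 17+ (HexFormat).
public class WindowsMyKeyAudit {

    // Maps the SHA-1 thumbprint of each certificate to "has a private key entry".
    static Map<String, Boolean> audit(KeyStore store) throws Exception {
        Map<String, Boolean> result = new LinkedHashMap<>();
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        for (String alias : Collections.list(store.aliases())) {
            Certificate cert = store.getCertificate(alias);
            if (cert == null) {
                continue;
            }
            // SHA-1 over the DER encoding is the "Thumbprint" shown in the
            // certificate details dialog, so rows can be matched to mmc.
            String thumbprint = HexFormat.of().withUpperCase()
                    .formatHex(sha1.digest(cert.getEncoded()));
            result.put(thumbprint, store.isKeyEntry(alias));
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Same store type and provider as in the question.
        KeyStore store = KeyStore.getInstance("Windows-My", "SunMSCAPI");
        store.load(null, null);

        Map<String, Boolean> entries = audit(store);
        entries.forEach((thumbprint, hasKey) ->
                System.out.printf("%s  %s%n", thumbprint, hasKey ? "PRIVATE-KEY" : "cert-only"));

        // Optional argument: thumbprint of a certificate expected to be public-only.
        if (args.length == 1) {
            String expected = args[0].replace(" ", "").toUpperCase();
            if (Boolean.TRUE.equals(entries.get(expected))) {
                System.err.println("Private key is attached to " + expected);
                System.exit(1);
            }
        }
    }
}
```

Running it after each step of the reproduction and comparing the rows with what mmc shows gives a record of when the key entry is present.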