Hello,
When attempting to sign using the Windows-MY (MS-CAPI) keystore with the RSASSA-PSS encryption scheme, the BC provider throws an exception:

    Caused by: java.security.InvalidKeyException: Supplied key is not a RSAPrivateKey instance
        at org.bouncycastle.jcajce.provider.asymmetric.rsa.PSSSignatureSpi.engineInitSign(Unknown Source)
        at java.base/java.security.Signature$Delegate.engineInitSign(Signature.java:1357)
        at java.base/java.security.Signature.initSign(Signature.java:636)

MSCAPI returns an instance of sun.security.mscapi.CPrivateKey as the private key.
Below is a minimal reproduction example:
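
    import java.security.KeyStore;
    import java.security.Security;
    import java.security.Signature;
    import java.security.spec.MGF1ParameterSpec;
    import java.security.spec.PSSParameterSpec;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.junit.jupiter.api.Test;

    @Test
    void bcRsaSsaPssTest() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // The private key stays inside MS-CAPI; the keystore hands back an opaque CPrivateKey handle.
        KeyStore keyStore = KeyStore.getInstance("Windows-MY");
        keyStore.load(null, null);
        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(
                "alice cert", new KeyStore.PasswordProtection("nimp".toCharArray()));
        Signature signature = Signature.getInstance("SHA256withRSAandMGF1", "BC");
        signature.setParameter(new PSSParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-256"), 32, 1));
        // Throws InvalidKeyException here: BC's PSS implementation requires an RSAPrivateKey.
        signature.initSign(privateKeyEntry.getPrivateKey());
        signature.update("Hello World".getBytes());
        byte[] signatureValue = signature.sign();
    }
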
It works well when using SunMSCAPI as the provider (which also expects another signature algorithm):

    Signature signature = Signature.getInstance("RSASSA-PSS", "SunMSCAPI");

Would it be possible to add support for the MS-CAPI keystore to sign with the RSASSA-PSS scheme? Please note that RSA with the PKCS 1.5 scheme works well.
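
The split the report points at, as an added example that is not part of the original post or of Bouncy Castle's code: the signature is produced by SunMSCAPI, which owns the opaque key handle, and BC is used only for verification, which needs just the public key. It assumes a Windows JDK whose SunMSCAPI provider offers RSASSA-PSS and the "alice cert" alias from the reproduction; the class name is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class MscapiPssSignBcVerify { // hypothetical class name
    // Same PSS parameters as the reproduction: SHA-256, MGF1 with SHA-256, 32-byte salt, trailer field 1.
    static final PSSParameterSpec PSS =
            new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    // Sign with the provider that issued the key: CPrivateKey is only a handle,
    // so the RSA operation has to run inside MS-CAPI/CNG.
    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("RSASSA-PSS", "SunMSCAPI");
        s.setParameter(PSS);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Verify with BC: the certificate's public key is an ordinary RSAPublicKey,
    // so no access to the private key material is required.
    static boolean verifyWithBc(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSAandMGF1", "BC");
        v.setParameter(PSS);
        v.initVerify(key);
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyStore ks = KeyStore.getInstance("Windows-MY");
        ks.load(null, null);
        String alias = "alice cert"; // alias taken from the reproduction; adjust to your store
        PrivateKey priv = (PrivateKey) ks.getKey(alias, null);
        PublicKey pub = ks.getCertificate(alias).getPublicKey();
        byte[] data = "Hello World".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(priv, data);
        System.out.println("BC verifies MSCAPI PSS signature: " + verifyWithBc(pub, data, sig));
    }
}
```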