Re: Service caching Smart Card credentials
From: Eric Perlin [MS] (ericperl_at_microsoft.com)
Date: 10/06/03
Date: Mon, 6 Oct 2003 13:56:04 -0700
May I ask which CSP you are using?
Does the PIN prompt happen from the service? How?
If you load a CSP in a service, you should specify CRYPT_SILENT in
CryptAcquireContext.
That will prevent the CSP from displaying its own UI.
PIN caching behavior is not absolutely standard.
In any case, your service can call CryptSetProvParam for PP_SIGNATURE_PIN or
PP_KEYEXCHANGE_PIN with a NULL PIN.
This should cause the CSP to flush the cached PIN.
--
Eric Perlin [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
---
"Nitesh Mehrotra" <news@nitesh.net> wrote in message
news:#FjN0kDjDHA.1004@TK2MSFTNGP09.phx.gbl...
> Hi!
>
> It seems like Windows is caching the private key handle if you have a
> service (or I am doing something wrong). I am not sure how to fix this. Here
> is what I am doing:
>
> 1. I call CryptAcquireContext from my service.
> 2. I open the private key for a cert.
> 3. The private key lives on smart card, so user is prompted for the PIN --
> as expected
> 4. I use the private key, then close the cert handle
> 5. I call CryptReleaseContext(....)
> 6. Next time when I repeat this process, the user is not being prompted for
> the PIN. If I stop the service, and then restart, the user does get prompted
> for the PIN. It seems like the PIN is cached for the lifetime of the
> process.
>
> Does Windows/smart card cache the PIN for the private key? Is there
> something I can do to make sure that the user is re-prompted for the PIN? I
> don't think I have a handle leak.
>
> thanks
> Nitesh
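The call sequence suggested in the reply above, as an added example that is not part of either poster's message: acquire the context with CRYPT_SILENT, then pass a NULL PIN for both PIN parameters before releasing. The function name, its return codes and the optional `pin` argument are assumptions; the `#else` branch holds constructed stand-ins for the CryptoAPI calls so the sequence can also be compiled and exercised off Windows.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Constructed stand-ins, not the real CryptoAPI: constants carry the wincrypt.h
   values, the functions model a CSP that keeps a per-process PIN cache. */
typedef unsigned long DWORD; typedef int BOOL; typedef unsigned char BYTE;
typedef unsigned long HCRYPTPROV;
#define PROV_RSA_FULL      1
#define CRYPT_SILENT       0x40
#define PP_KEYEXCHANGE_PIN 32
#define PP_SIGNATURE_PIN   33
static int g_cached_pin = 0;      /* 1 while the model CSP holds a PIN */
static DWORD g_acquire_flags = 0; /* flags seen by the last acquire */
static BOOL CryptAcquireContextA(HCRYPTPROV *p, const char *c, const char *n,
                                 DWORD type, DWORD flags)
{ (void)c; (void)n; (void)type; *p = 1; g_acquire_flags = flags; return 1; }
static BOOL CryptSetProvParam(HCRYPTPROV h, DWORD param, const BYTE *data, DWORD flags)
{
    (void)h; (void)flags;
    if (param == PP_SIGNATURE_PIN || param == PP_KEYEXCHANGE_PIN)
        g_cached_pin = (data != NULL); /* a PIN string caches, NULL flushes */
    return 1;
}
static BOOL CryptReleaseContext(HCRYPTPROV h, DWORD flags)
{ (void)h; (void)flags; return 1; }
#endif

/* Returns 0 on success, otherwise the number of the step that failed. */
int use_card_key_then_flush(const char *container, const char *provider,
                            const char *pin)
{
    HCRYPTPROV hProv = 0;
    int rc = 0;
    /* CRYPT_SILENT: the CSP must fail instead of showing its own PIN dialog. */
    if (!CryptAcquireContextA(&hProv, container, provider, PROV_RSA_FULL, CRYPT_SILENT))
        return 1;
    /* Assumption: the service collected the PIN through its own channel. */
    if (pin && !CryptSetProvParam(hProv, PP_KEYEXCHANGE_PIN, (const BYTE *)pin, 0))
        rc = 2;
    /* ... private key operation goes here ... */
    /* NULL PIN: ask the CSP to drop whatever it cached, for both key types. */
    if (!CryptSetProvParam(hProv, PP_SIGNATURE_PIN, NULL, 0)) rc = 3;
    if (!CryptSetProvParam(hProv, PP_KEYEXCHANGE_PIN, NULL, 0)) rc = 3;
    CryptReleaseContext(hProv, 0);
    return rc;
}
```

Because PIN caching is CSP-specific, a return of 3 on a real card means that provider rejected the NULL PIN and the flush has to be confirmed some other way.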