Re: [SmartCard CSP] How can I obtain a PIN to sign HASH ?

From: Euphen Liu (euphen_liu_at_ncksoft.com)
Date: 10/10/03

Next message: Rhett Gong: "Re: exporting DSS key using CryptoApi"

Previous message: Eric Perlin [MS]: "Re: Problems with smart cards and windows XP SP1"
In reply to: Eric Perlin [MS]: "Re: [SmartCard CSP] How can I obtain a PIN to sign HASH ?"
Next in thread: Eric Perlin [MS]: "Re: [SmartCard CSP] How can I obtain a PIN to sign HASH ?"
Reply: Eric Perlin [MS]: "Re: [SmartCard CSP] How can I obtain a PIN to sign HASH ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 10 Oct 2003 10:52:35 +0800

Do you kindly tell me what are the differences between CRYPT_IMPL_MIXED
and CRYPT_IMPL_HARDWARE ? I think CRYPT_IMPL_MIXED means that I implemented
something based the smartcard and others by call some base CSP such as
"Microsoft Base Cryptographic Provider v1.0". But from you email, the
"CRYPT_IMPL_MIXED" means not call other CSP. Am I correct?

Let me explain this issue more clearly:
    1. There are two method when use EAP to authenticate user, one is "Use
my
smart card", another is "Use a certificate on this computer". When I select
the
first one to logon the wireless network, Windows show me a "Input SmartCard
PIN"
dialog box, but when I select the second way, such dialog box never appear.
    2. When I select the second way, the CSP caller (here is the
WinLogon.exe, I
guess), always call CPAcquireContext() whit CRYPT_SILENT, so I can not
obtain
the user's PIN by myself.
    3. When CPSignHash() be called, because there are not login into my
smart
card, so what I can do is fail with set last error code to
NTE_SILENT_CONTEXT.

----------------------------------
And I had tried the CRYPT_IMPL_MIXED | CRYPT_IMPL_REMOVEABLE, it still does
not
show the PIN require dialog box.
----------------------------------

"Eric Perlin [MS]" <ericperl@microsoft.com> wrote in message
news:eapWUXrjDHA.2416@TK2MSFTNGP10.phx.gbl...
> Have you actually tried with CRYPT_IMPL_MIXED | CRYPT_IMPL_REMOVEABLE?
> I doubt that you implemented everything on the smartcard (it would be very
> slow) so this is actually the correct value.
> --
> Eric Perlin [MS]
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> ---
>
> "Euphen Liu" <euphen_liu@ncksoft.com> wrote in message
> news:#Q9uQHXjDHA.1284@TK2MSFTNGP09.phx.gbl...
> > Hi all, (sorry for my pool English.)
> >
> > We have created a RSA-FULL CSP based SmartCard. It works fine with
> > IE/OE, etc.
> >
> > Now we are using wireless network connection with EAP (Use SmartCard or
> > other certificates) on WindowsXP(with SP1 installed), I selected the
"Use
> a
> > certificate on this computer", when the network connected, my CSP be
> > called as following:
> > ...
> > ...
> > CPAcquireContext(....) [called with the container name, ok]
> > CPGetProvParam(..., PP_IMPTYPE) [return CRYPT_IMPL_HARDWARE |
> > CRYPT_IMPL_REMOVEABLE, ok]
> > CPCreateHash(...) [ok]
> > CPSetHashParam(...) [ok]
> > CPSignHash(...) [can not work because not logon to the smartcard, so
> > can not use the private key to sign data.]
> > ...
> >
> > I don't know why the system does not show the "Input the PIN" dialog box
> > just like I select "Use my smart card". How can I make the system show
> such
> > dialog box to obtain the PIN from user input?
> >
> > BTW, I searched all these archives and can not find any idea about this
> > issue, some one discuss the smart card CSP should return
> > CRYPT_IMPL_MIXED | CRYPT_IMPL_REMOVEABLE, but for my instance, we
> > does not call other base CSP, we implemented all functions/algorithms.
> > Some of the algorithms implemented as software like hashdata, some by
> > hardware like RSA-compute.
> >
> > I had try more than 5 days but can not find the right way.
> >
> > Is any body can resolve my problem?
> >
> >
>
>

Next message: Rhett Gong: "Re: exporting DSS key using CryptoApi"

Previous message: Eric Perlin [MS]: "Re: Problems with smart cards and windows XP SP1"
In reply to: Eric Perlin [MS]: "Re: [SmartCard CSP] How can I obtain a PIN to sign HASH ?"
Next in thread: Eric Perlin [MS]: "Re: [SmartCard CSP] How can I obtain a PIN to sign HASH ?"
Reply: Eric Perlin [MS]: "Re: [SmartCard CSP] How can I obtain a PIN to sign HASH ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: DEBUGCHK error in smartcard
... If I may use CETK to test my driver and if CETK is using CSP? ... The Smart Card Resource Manager APIS is CryptoAPI other than CryptoSPI? ... Thus to use your smartcard from the Certificate Control Panel you ...
(microsoft.public.windowsce.platbuilder)
Re: Re[2]: Whats the mean of PIN cache in smart card csp
... The PIN cache described by the Smart Card Cryptographic Service Provider ... smart card CSP. ...
(microsoft.public.platformsdk.security)
Whats the mean of PIN cache in smart card csp
... How can I add the PIN ... I notice it is very important, because the "Microsoft Base Smart Card Crypto Provider" ... but my csp can not work perfectly. ...
(microsoft.public.platformsdk.security)
Re: Smartcard CSP Problem
... the crypto processor is not a smart card and it has its own crypto ... Would a simple CSP DLL work in this case? ... > You don't need to emulate a smartcard CSP for it to work with S-MIME. ...
(microsoft.public.platformsdk.security)
Re: Caching PIN
... I know how a CSP name associated with a card be identified.But after getting ... The usual approach taken by smart card CSP's implementors is to cache the ... PIN in the context of the CSP dll, thus you don't need to care about the ... I had a list of available readers on the system and the PIN is ...
(microsoft.public.platformsdk.security)