CSP Design - Working with several smartcards simultaneous
From: Alon Bar-Lev (alon_at_xor-t.com)
Date: 10/25/03
- Previous message: Ashley A Elenjickal [MS]: "Re: MacTripleDes (.NET managed and CryptoApi unmanaged interop)"
- Next in thread: Eric Perlin [MS]: "Re: CSP Design - Working with several smartcards simultaneous"
- Reply: Eric Perlin [MS]: "Re: CSP Design - Working with several smartcards simultaneous"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 25 Oct 2003 12:48:03 +0200
Hello MS CSP experts!
We have a design question regarding CSPs when working with several
smartcards simultaneously with the same CSP.
Since there is no constraint on container name format/content, it is legal
to have two smartcards with the same container name.
The question is how to handle this situation.
We did not find specific and definite documentation regarding this issue,
so we would be grateful if you could address it.
We already implemented CryptAcquireContext with a container that can be in
the following format: "\\.\\reader", so CryptGetProvParam with
PP_ENUMCONTAINERS can enumerate containers only on a specific smartcard.
The problem is with the certificate store. If we attach the container name
to the certificate, when the call to CryptAcquireContext takes place,
the CSP will not be able to determine which card was referred to.
If we attach the full container name to the certificate
"\\.\\reader\\container", the CSP will be able to determine which card was
referred to, BUT then we lose synchronization with PP_ENUMCONTAINERS, since
it should return only the container name part.
There is also a problem with putting the reader name in the store, since it
does not support moving the same card from one reader to another and
continuing to work without interruption. In order to solve this we thought
about having a new convention "\\#serial\\container", which will direct the CSP
to a specific smartcard serial.
Questions:
1. What is Microsoft's stand regarding handling two smartcards with the
same container name simultaneously?
2. What is Microsoft's stand regarding moving a smartcard from one reader to
another?
If it should be done without interruption, putting the reader name in the
store is problematic (although it is the only supported convention).
3. What format of container name should be attached to a certificate in
the store?
Does Microsoft recommend attaching the FQN of the container name to a
certificate in the store? ("\\.\\reader\\container")
4. Is it legal that PP_ENUMCONTAINERS returns container names that are
different from those attached in the store?
Then applications cannot enumerate the store and the containers and perform a match.
5. And most importantly, how will the Microsoft Generic/Mini CSP handle
these dilemmas?
Best Regards,
Alon Bar-Lev
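The naming conventions the message contrasts (a bare container name, the reader-qualified "\\.\\reader\\container" form, and the proposed serial-qualified "\\#serial\\container" form) can be made concrete with a small resolver. The following C program is an added example written for this archive page; it is not code from the message, from the poster's CSP, or from Microsoft. It assumes the escaped strings in the message denote the literal forms `\\.\reader\container` and `\\#serial\container`, and it uses a constructed set of two inserted cards that share the container name "Default". It shows why a bare name is ambiguous, why a reader-qualified name stops resolving once the card moves to another reader, and why a serial-qualified name survives the move. It also mirrors the PP_ENUMCONTAINERS behaviour described, returning only the container-name part for a reader scope.

```c
/* container_names.c - added example: parse the container-name conventions from
 * the message and resolve them against constructed card data.
 * Assumed literal forms (the message shows them C-escaped):
 *   "Default"               bare container name, any card
 *   "\\.\Reader 0"          reader scope only (for PP_ENUMCONTAINERS)
 *   "\\.\Reader 0\Default"  reader-qualified container
 *   "\\#A1\Default"         proposed serial-qualified container
 */
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64

typedef enum { SCOPE_ANY, SCOPE_READER, SCOPE_SERIAL } scope_t;

typedef struct {
    scope_t scope;
    char qualifier[NAME_MAX_LEN];  /* reader name or card serial; empty for SCOPE_ANY */
    char container[NAME_MAX_LEN];  /* empty when only a reader scope was given */
} cname_t;

typedef struct {
    const char *reader;     /* reader the card is currently inserted in */
    const char *serial;     /* card serial number */
    const char *container;  /* one key container per card keeps the example short */
} card_t;

/* Constructed scenario: two cards with the same container name, then the same
 * two cards after card A1 has been moved from "Reader 0" to "Reader 2". */
static const card_t g_cards[]       = { { "Reader 0", "A1", "Default" },
                                        { "Reader 1", "B2", "Default" } };
static const card_t g_cards_moved[] = { { "Reader 2", "A1", "Default" },
                                        { "Reader 1", "B2", "Default" } };
#define NCARDS 2

/* Copy n bytes into a fixed buffer; -1 if it would not fit or is empty. */
static int copy_part(char *dst, const char *src, size_t n)
{
    if (n == 0 || n >= NAME_MAX_LEN) return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Split "qualifier\container" (container part optional) into the two fields. */
static int split_qualified(const char *rest, cname_t *out)
{
    const char *sep = strchr(rest, '\\');
    if (sep == NULL)
        return copy_part(out->qualifier, rest, strlen(rest));
    if (copy_part(out->qualifier, rest, (size_t)(sep - rest)) < 0) return -1;
    return copy_part(out->container, sep + 1, strlen(sep + 1));
}

/* Parse a container name into scope/qualifier/container. Returns 0 or -1. */
int parse_container_name(const char *name, cname_t *out)
{
    if (name == NULL || out == NULL || *name == '\0') return -1;
    memset(out, 0, sizeof *out);
    if (strncmp(name, "\\\\.\\", 4) == 0) {          /* literal prefix \\.\ */
        out->scope = SCOPE_READER;
        return split_qualified(name + 4, out);
    }
    if (strncmp(name, "\\\\#", 3) == 0) {            /* literal prefix \\#  */
        out->scope = SCOPE_SERIAL;
        return split_qualified(name + 3, out);
    }
    out->scope = SCOPE_ANY;
    return copy_part(out->container, name, strlen(name));
}

/* Count the inserted cards a name refers to: 0 not found, 1 unique, >1 the
 * ambiguity the message describes. Returns -1 for an unparsable name. */
int resolve_name(const char *name, const card_t *cards, int ncards)
{
    cname_t n;
    int matches = 0;
    if (parse_container_name(name, &n) < 0) return -1;
    for (int i = 0; i < ncards; i++) {
        if (n.scope == SCOPE_READER && strcmp(n.qualifier, cards[i].reader) != 0) continue;
        if (n.scope == SCOPE_SERIAL && strcmp(n.qualifier, cards[i].serial) != 0) continue;
        if (n.container[0] != '\0' && strcmp(n.container, cards[i].container) != 0) continue;
        matches++;
    }
    return matches;
}

/* PP_ENUMCONTAINERS-style listing for a reader scope: fills out[] (if given)
 * with bare container names, no reader prefix, and returns the count. A store
 * holding "\\.\reader\container" therefore cannot be matched to this list by
 * plain string comparison. Returns -1 if the name is not a reader scope. */
int enum_containers(const char *scope_name, const card_t *cards, int ncards,
                    const char **out, int max)
{
    cname_t n;
    int count = 0;
    if (parse_container_name(scope_name, &n) < 0 || n.scope != SCOPE_READER) return -1;
    for (int i = 0; i < ncards; i++) {
        if (strcmp(cards[i].reader, n.qualifier) != 0) continue;
        if (out != NULL && count < max) out[count] = cards[i].container;
        count++;
    }
    return count;
}

int main(void)
{
    const char *names[] = { "Default", "\\\\.\\Reader 0\\Default", "\\\\#A1\\Default" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-22s in place: %d card(s); after A1 moves reader: %d card(s)\n",
               names[i], resolve_name(names[i], g_cards, NCARDS),
               resolve_name(names[i], g_cards_moved, NCARDS));
    return 0;
}
```

Run as written, the bare name matches 2 cards both before and after the move, the reader-qualified name matches 1 card and then 0, and the serial-qualified name matches 1 card in both cases, which is the behaviour the message's proposed "\\#serial\\container" convention is meant to give.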