Re: Key archival and smartcard CSP

From: Vishal Agarwal[MSFT] (vishala_at_online.microsoft.com)
Date: 01/30/04


Date: Fri, 30 Jan 2004 11:00:01 -0800

Before you venture further, the first question is: does your smartcard
CSP allow the public/private key pair to be imported into its own store?

Thanks,
Vishal [MSFT]

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.

"Stephane Vinsot" <stephane (dot) vinsot (at) enatel (dot) com> wrote in message news:B7F780DE-666B-4D92-9300-9365C4DE3F70@microsoft.com...
> Hi,
>
> I'm generating 3 certificates for my smartcard:
> - 1 for authentication,
> - 1 for signature,
> - 1 for encryption with key archival on my Win2K3 enterprise server.
>
> Using xenroll, I managed to create the first two certificates, but can't generate the 3rd because the Smartcard CSP (here Schlumberger) doesn't allow key export.
>
> So I think of a solution like:
> - create the certificate with key archival using a software CSP (MS_ENHANCED_PROV) following the MSDN sample "Requesting a Key Archival Certificate"
> - When the certificate has been issued, I get the container name and the private key from the software CSP and reimport all that in the smartcard CSP,
> - I import then the issued certificate in the smartcard using CryptSetKeyParam(KP_CERTIFICATE)
>
> My questions are:
> * Is that a good solution or should I find something else? Maybe there's something simpler by modifying the certificate properties?
> * I don't know the format of the certificate I must provide to CryptSetKeyParam, and even the CSPDK documentation doesn't mention it. How can I convert my certificate recovered using CertRequest->GetCertificate or CertRequest->GetFullResponseProperty to something usable by KP_CERTIFICATE parameter?
>
> Thanks a lot for any help.
>
> Stephane
>
>
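
On the format question in the quoted post, as an added example that is not part of the original thread: CryptSetKeyParam with KP_CERTIFICATE takes the DER-encoded X.509 certificate bytes, while GetCertificate returns base64 with headers, bare base64 or binary depending on the CR_OUT_* flag passed. The sketch below normalises a single certificate in any of those three encodings to DER and rejects anything with trailing or missing bytes; the function names are hypothetical, the sample blob is constructed, and PKCS#7 chains and full responses from GetFullResponseProperty are not handled.

```python
import base64
import binascii
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in: a DER SEQUENCE wrapping 256 zero bytes. It has the
# outer framing of a certificate but is not a real or parseable one.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)


def der_total_length(buf):
    """Size in bytes (header plus content) of the DER element at buf[0]."""
    if len(buf) < 2:
        raise ValueError("truncated DER header")
    first = buf[1]
    if first < 0x80:                       # short form: length in one octet
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(buf) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")


def is_der_sequence(buf):
    """True if buf is exactly one SEQUENCE with no trailing bytes."""
    try:
        return buf[:1] == b"\x30" and der_total_length(buf) == len(buf)
    except ValueError:
        return False


def to_der_certificate(blob):
    """Normalise PEM, bare base64 or binary input to DER bytes."""
    if isinstance(blob, str):
        blob = blob.encode("ascii")
    if is_der_sequence(blob):              # CR_OUT_BINARY: already DER
        return blob
    match = PEM_RE.search(blob)            # CR_OUT_BASE64HEADER
    body = match.group(1) if match else blob   # otherwise CR_OUT_BASE64
    try:
        der = base64.b64decode(b"".join(body.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("input is not PEM, base64 or DER") from exc
    if not is_der_sequence(der):
        raise ValueError("decoded data is not a single DER SEQUENCE")
    return der
```

The returned bytes are what would be passed as pbData; the CSP still has to find that the certificate's public key matches the key in the container.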

