Replacing Certificate on Smartcard Question. C#

From: Albadraco (albadraco_at_hotmail.com)
Date: 05/21/04


Date: Thu, 20 May 2004 15:36:03 -0700

I am trying to replace a certificate on a smartcard with a new one. I am doing the below
with other work mixed in. The entry points are P/Invoked Interop style.

Certificate Contexts are IntPtr's (with appropriate marshaling (I hope))

 I believe I'm just missing a step(s) somewhere.
 
Reading from Smartcard (Getting the original Certificate off Card)
  CryptAcquireContext(ref hCryptProv,Container,CSPName,PROV_RSA_FULL,0);
  CryptGetUserKey(hCryptProv,bKeyFLags,ref hCryptKey);
  CryptGetKeyParam(hCryptKey,KP_CERTIFICATE,null,ref cbEncodedCert,0);
  CryptGetKeyParam(hCryptKey,KP_CERTIFICATE,pbOriginalEncodedCert,ref cbEncodedCert,0);
  CertCreateCertificateContext((X509_ASN_ENCODING | PKCS_7_ASN_ENCODING),pUnmanaged, cbEncodedCert);
  CertSetCertificateContextProperty(CertOnSmartcard,CERT_KEY_PROV_INFO_PROP_ID,0,ref phData);

Reading New Certificate ( Getting the New Certificate as in a CER file)
  CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, bArray.Length);

Writing to Smartcard
  CertGetCertificateContextProperty(CertOnSmartcard,CERT_KEY_PROV_INFO_PROP_ID,null,ref cbKeyProv);
  CertGetCertificateContextProperty(CertOnSmartcard,CERT_KEY_PROV_INFO_PROP_ID,pbKeyInfo,ref cbKeyProv);
  CertSetCertificateContextProperty(m_CertContext,CERT_KEY_PROV_INFO_PROP_ID, 0, ref phData);
  CryptAcquireContext(ref hCryptProv,ContainerName,ProvName,TypeName,0);
  CryptGetUserKey(hCryptProv,KeySpec,ref hCryptKey);
  CryptSetKeyParam(hCryptKey, KP_CERTIFICATE, ref dtaBlob, 0);

Nothing fails up to this point (above is not actual code, I took out the error checking and marshalling)

Re-Reading from Smartcard (Getting the "NEW" Certificate off Card)
  CryptAcquireContext(ref hCryptProv,Container,CSPName,PROV_RSA_FULL,0);
  CryptGetUserKey(hCryptProv,bKeyFLags,ref hCryptKey);

CryptGetUserKey fails with BAD ASN.1

Anyone with some guidance?

Thank you

-Thomas
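
An added example, not part of the original post: a P/Invoke write-and-verify sequence for KP_CERTIFICATE. The CryptSetKeyParam documentation specifies that for KP_CERTIFICATE the pbData argument is the buffer holding the DER-encoded certificate itself, so the sketch marshals a byte[] and then reads the certificate back to compare. The class name, the Replace helper and the choice of AT_KEYEXCHANGE are assumptions; container and provider names are supplied by the caller.

```csharp
using System;
using System.ComponentModel;
using System.Linq;
using System.Runtime.InteropServices;

static class CardCert   // hypothetical helper class
{
    const uint PROV_RSA_FULL = 1, AT_KEYEXCHANGE = 1, KP_CERTIFICATE = 26;

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CryptAcquireContext(out IntPtr hProv, string container,
        string provider, uint provType, uint flags);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptGetUserKey(IntPtr hProv, uint keySpec, out IntPtr hKey);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptSetKeyParam(IntPtr hKey, uint param, byte[] data, uint flags);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptGetKeyParam(IntPtr hKey, uint param, byte[] data,
        ref uint dataLen, uint flags);
    [DllImport("advapi32.dll")] static extern bool CryptDestroyKey(IntPtr hKey);
    [DllImport("advapi32.dll")] static extern bool CryptReleaseContext(IntPtr hProv, uint flags);

    // Turn a FALSE return into an exception carrying GetLastError().
    static void Check(bool ok, string api)
    {
        if (!ok) throw new Win32Exception(Marshal.GetLastWin32Error(), api + " failed");
    }

    // Writes the DER certificate to the key container, then reads it back.
    // The certificate's public key must match the key pair in the container.
    public static void Replace(string container, string provider, byte[] der)
    {
        IntPtr hProv = IntPtr.Zero, hKey = IntPtr.Zero;
        try
        {
            Check(CryptAcquireContext(out hProv, container, provider, PROV_RSA_FULL, 0), "CryptAcquireContext");
            Check(CryptGetUserKey(hProv, AT_KEYEXCHANGE, out hKey), "CryptGetUserKey");
            // pbData is the raw DER encoding, not a length/pointer blob structure.
            Check(CryptSetKeyParam(hKey, KP_CERTIFICATE, der, 0), "CryptSetKeyParam");
            uint len = 0;   // first call with a null buffer returns the required size
            Check(CryptGetKeyParam(hKey, KP_CERTIFICATE, null, ref len, 0), "CryptGetKeyParam(size)");
            byte[] readBack = new byte[len];
            Check(CryptGetKeyParam(hKey, KP_CERTIFICATE, readBack, ref len, 0), "CryptGetKeyParam");
            if (!readBack.Take((int)len).SequenceEqual(der))
                throw new InvalidOperationException("Certificate read back differs from the one written");
        }
        finally
        {
            if (hKey != IntPtr.Zero) CryptDestroyKey(hKey);
            if (hProv != IntPtr.Zero) CryptReleaseContext(hProv, 0);
        }
    }
}
```

A .cer file saved in Base64 form has to be decoded to DER before its bytes are passed to Replace.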


