RE: Smartcard CSP Problem

From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 11/29/04


Date: Mon, 29 Nov 2004 10:44:26 -0800

What you are doing is not smart card specific at all, so you just need the
CSP documentation (which can be found in the Platform SDK).

Here's what you need to do:
1. Decide how to store containers (e.g. in files, in Registry; encrypted or
not) - it's your call. Of course your implementation will affect the security
of the private keys you store.
2. At enrollment your CSP will be called with a new container where you will
generate a key pair. MS will store the certificate in its own store - you
will be 'linked' to that cert.
3. Apps may call your CSP to store the corresponding certificate:
CPSetKeyParam with KP_CERTIFICATE parameter. Note that you won't get a size
parameter, you need to figure out the cert size from its ASN.1 format. Of
course, later apps may also want to get back that cert (CPGetKeyParam with
KP_CERTIFICATE).

Laszlo Elteto
SafeNet, Inc.

"Alf" wrote:

> Hello, maybe somebody can help me out!
>
> I am to develop a SmartCard CSP, but with no actual SmartCard behind it, but
> rather a Software System that simulates it.
>
> I so far developed a CSP which wraps the MS Base CSP for the common
> functionality and will use the System for the Rest.
>
> Now, I have a logical problem.
>
> The CSP should be used for Mail Signing and encrypting in Outlook, as well
> as for Windows logon.
>
> If I understood the concept of the certificate handling in Windows, you have
> to enroll a certificate for a certain user who is present in the active
> directory - let's call him Bob. When enrolling this certificate, you choose
> the type (smartcard certificate) and the corresponding CSP (in this case, my
> CSP).
>
> The result of the enrollment would be a new certificate stored on the
> SmartCard and installed in Windows.
>
> Question: Am I right with the above?
> Then - next Question: How does the enrollment process create and store the
> certificates on the SmartCard since the CryptoAPI (CP*) functions do not
> provide certificate handling - Does the enrollment task itself store the
> certificate to the SmartCard? (And how, via driver?)
>
> Are there any other useful documents on what a SmartCard CSP has to
> implement?
>
> Thanks!
>
>
>
>
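
Point 3 of the reply says the CSP must work out the certificate size from its ASN.1 encoding because CPSetKeyParam with KP_CERTIFICATE carries no length. The following is an added example, not code from the original post or from the Platform SDK: it reads the DER header of the outer SEQUENCE to compute the total size. The names `der_cert_total_len` and `MAX_CERT_BYTES` and the 16 KB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sanity cap on certificate size; not a value from the CSP docs. */
#define MAX_CERT_BYTES 16384u

/*
 * Hypothetical helper: total size (header + content) of the DER object at p,
 * or 0 if the header is not an acceptable certificate header.
 * The caller has no buffer length (CPSetKeyParam passes only pbData), so only
 * the 2..6 header bytes are read here and the result is capped by max_total.
 */
size_t der_cert_total_len(const uint8_t *p, size_t max_total)
{
    size_t hdr = 2, content = 0, n, i;

    if (p == NULL || p[0] != 0x30)      /* X.509 Certificate is a SEQUENCE */
        return 0;
    if (p[1] < 0x80) {                  /* short form: length in one byte */
        content = p[1];
    } else {
        n = p[1] & 0x7F;                /* long form: n length bytes follow */
        if (n == 0 || n > 4)            /* 0 = indefinite length, not DER */
            return 0;
        if (p[2] == 0 || (n == 1 && p[2] < 0x80))
            return 0;                   /* non-minimal length encoding */
        for (i = 0; i < n; i++)
            content = (content << 8) | p[2 + i];
        hdr += n;
    }
    if (max_total < hdr || content > max_total - hdr)
        return 0;                       /* larger than we are willing to copy */
    return hdr + content;
}

int main(void)
{
    /* Constructed sample: header of a SEQUENCE with 0x034A content bytes. */
    static const uint8_t hdr_only[] = { 0x30, 0x82, 0x03, 0x4A };
    printf("%zu\n", der_cert_total_len(hdr_only, MAX_CERT_BYTES));
    return 0;
}
```

Because the length comes from caller-supplied bytes, the cap is what bounds the copy into the container store; a zero return should be treated as a rejected certificate.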


