Re: Importing a Symmetric Key into the Microsoft Base Smart Card C




"Jeffrey Tan[MSFT]" <jetan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:pcSYbyNbGHA.5300@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Milton,

Thanks for your feedback.

Is it possible for you to provide sample steps to help us reproduce the
problem? With the current information, it is hard for us to provide a
definite solution for you. Thanks.

Hi Jeffrey:

I suspect you might not be able to reproduce this problem since I seem
to be the only person who has it. :-) Here are the exact steps I take
to set up a testing environment:

1. Start Outlook Express.

2. Select the Tools/Accounts... menu command.

3. On the Internet Accounts dialog box, click the Add button and select
the Mail... command.

4. On the Your Name page of the Internet Connection Wizard, enter your
name into the Display name text box. Click the Next button.

5. On the Internet E-mail Address page of the wizard, enter the e-mail
address stated in the e-mail certificate. [I am using a Thawte
Freemail certificate.] Click the Next button.

6. On the E-mail Server Names page of the wizard, enter "asdf" or any
throwaway value into the Incoming Mail (POP3, IMAP or HTTP) server
and Outgoing mail (SMTP) server text boxes. Click the Next button.

7. On the Internet Mail Logon page of the wizard, uncheck the Remember
password check box. Click the Next button.

8. Click the Finish button.

9. On the Internet Accounts dialog box, select the newly-created mail
account and click the Properties button.

10. On the Properties dialog box, select the Security tab.

11. In the Signing certificate portion of the dialog box, click the
Select... button and select the appropriate certificate (I select
my Thawte certificate.)

12. In the Encrypting preferences portion of the dialog box, click the
Select... button and select the appropriate certificate (I select
the same Thawte certificate I use for digital signatures.) Select
3DES from the Algorithm drop-down list box.

13. Click the OK button.

Outlook Express is now configured to perform the test. The next step
in the test is to compose an encrypted message.

1. Remove all smart cards from readers attached to the system.

2. Select the File/New/Mail Message command.

3. In the To: field of the message, address it to the e-mail address
of the account created above. Type any text you want for the
subject and body of the message.

4. Select the Tools/Encrypt command to encrypt the message.

5. Select the File/Send Later command to encrypt this message and put
it into the Outbox.

6. Open the Outbox and select the message just created.

7. Outlook Express will ask you to insert your smart card. Insert
the appropriate smart card and click the OK button to dismiss the
smart card selection dialog box.

8. This is where my test case ends. Instead of getting a PIN prompt,
Outlook Express just says it cannot display the message. From my
previous postings, I believe you have a relatively detailed
account of what is happening at the Crypto API and card module call
levels.

The call to CryptImportKey fails here. For whatever reason,
Outlook Express doesn't like the parameters or something and never
attempts to use the private key on the card to decrypt the 3DES
key.


If there's any other information that would help you, please let me
know and I'll post it.


Thanks,
Milton

