Writing a Smart Card Minidriver (on PKCS#11)



I have developed a PKCS#11 for our supported cards and I now have the
task to create a minidriver.

As a lot of full CSPs are based on PKCS#11, I want to use our PKCS#11 in the
minidriver. I read the Minidriver Specification, but there were some
functions like Challenge Response authentication or writing files which are
not supported by PKCS#11. We only want to use the cards for certificate
authentication and signing (e.g. Outlook, website authentication, logon) and
roll out certificates with certsrv but not to store user data on them.

Does anybody have experience with a minidriver based on PKCS#11? Does this
work, or are major problems to be expected?

While reading the specification, some questions came up.
When rolling out a certificate, a keypair is generated. I think this is done
with CardCreateContainer. Then the certificate is also written to the card.
Which command is used for that, and how are the certificate and keypair
referenced? In PKCS#11 there is the CKA_ID, which has the same value, to check
that they belong together.

To check which function of the minidriver the applications are calling with
the parameters, it would be useful to debug a minidriver. How can I debug it?
Is the driver running in kernel mode, or can I debug it like a normal DLL?
How can I debug during logon? Do I need to debug in kernel mode with 2 PCs
and a serial cable, or is there a more convenient way?

I also downloaded the CNG Sample, but there is no sample for a minidriver. I
read that a minidriver sample exists, but how can I get it?

It would be fine if somebody can give me some hints.
Regards
Alex