Cannot use CryptAcquireContext on a Incard smartcard

From: "Renzo Tomaselli"<renzo.tomaselli@xxxxxxxxxx>
Date: Tue, 1 Jul 2008 03:11:57 +0800

Hi all, I'm using a smart card ST Incard on an Athena reader. OS is win xp
prof.
The card runs well on both Outlook Express and Thunderbird. Both prompt for
a pin at the first access. The hard work is performed by a pkcs11 dll named
incryptoki2.
No way to succeed from Capi. Calling:

CryptAcquireContext(&hProv, NULL,
"SysGillo Cryptographic Service Provider", 1, 0)

always returns 0x45a, which might be ERROR_DLL_INIT_FAILED, although a
malformed error. No prompt for the pin. The same value is returned by
calling CryptAcquireCertificatePrivateKey after retrieving a certificate by
iteration.
All of this occurs both for a normal user and the admin.
Any help is appreciated, thanks.

url:http://www.ureader.com/gp/1659-1.aspx
.

Prev by Date: Re: Problems loggin in Windows Vista with a smart card enabled account
Next by Date: Re: Problems loggin in Windows Vista with a smart card enabled acc
Previous by thread: Re: Problems loggin in Windows Vista with a smart card enabled account
Index(es):
- Date
- Thread

Relevant Pages

GINA with smart card bypass
... I am developing a GINA hook that needs to display a custom dialog window ... If smart card is present the regular MS ... window should prompt for PIN and login should continue. ...
(microsoft.public.platformsdk.security)
RE: Certs on smart card, re-prompting for PIN (Internet Explorer 6)
... If the CERTIFICATE is protected with PIN, ... Most Smart Card software allows the caching of the PIN (ie. won't prompt ... would establish an SSL connection between client and server - and the ... I notice that the smart card "middleware" has settings for either ...
(microsoft.public.platformsdk.security)
Certs on smart card, re-prompting for PIN (Internet Explorer 6)
... The problem that we're encountering is that when we do the above, we are seeing the popup window asking for the smart card PIN, but this window is appearing multiple times, sometimes 10-20 times before we start seeing the initial partial webpage. ... I notice that the smart card "middleware" has settings for either caching the PIN, or for the middleware temporarily copying the client cert into the Certificate Store, and I'm pretty sure if we enabled either or both of these settings, that we'd avoid the multiple popup PIN windows. ... As mentioned above, the smart card middleware appears to have some settings that would also prevent the re-prompting for the PIN, but the workstations are locked down, and even if we could it would be a major process to get approval to change the settings, so I'm wondering if there is possibly something else that we can do to avoid the popup PIN windows from re-appearing. ...
(microsoft.public.platformsdk.security)
Re: Certs on smart card, re-prompting for PIN (Internet Explorer 6)
... Its purely a sign of poor card handling of your middleware. ... As mentioned we're using Apache as the webserver. ... normally the PIN is needed only when the PRIVATE KEY ... If the server requires authentication of EACH request then the smart card ...
(microsoft.public.platformsdk.security)
Re: Certs on smart card, re-prompting for PIN (Internet Explorer 6)
... I'm aware of what you explained in #1 and #2, and we are checking with the middleware manufacturer, but as mentioned, there's a desire not to change the settings on the middleware. ... normally the PIN is needed only when the PRIVATE KEY is used. ... Most Smart Card software allows the caching of the PIN. ... Normally you would establish an SSL connection between client and server - and the connection setup would require that both side use certs and signatures. ...
(microsoft.public.platformsdk.security)