
CAPICOM and SmartCards


Stuart Squibb

Jun 28, 2005, 12:36:52 PM
Is anyone currently able to access certificates on Gemplus Smartcards using
CAPICOM? I'm using VB 6/CAPICOM 2 on Windows XP SP2 and both the Microsoft
samples and my own code fail to find any certificates on the card, even
though I know there is one present. Can anyone suggest anything I need to
check? Are there additional steps required to unlock the card?

---My Code---

Dim myStore As New CAPICOM.Store
Dim myCert As New CAPICOM.Certificate

' Open the smart card store and print the subject of every certificate in it
myStore.Open CAPICOM_SMART_CARD_USER_STORE

For Each myCert In myStore.Certificates
    Print myCert.SubjectName
Next

---End of my code---

Regards,

Stuart.


Stephane Grobety

Jul 1, 2005, 10:13:52 AM
My first step would be to call myStore.Certificates.Select to see what
I have available.

Good luck,
Stephane

StuSquibb

Jul 4, 2005, 12:40:06 PM
No certificates are shown. Needless to say, there is one stored on the card.

Stephane Grobety

Jul 14, 2005, 9:39:00 AM
Ah, if I may ask: how do you know there is a certificate if the
function doesn't show it? Maybe your problem has a different cause:
for some reason, the certificate in the card simply cannot get accessed
by crypto API at all. Here are a few possible reasons this might be, but
please keep in mind that it's in no way an exhaustive list:

- The certificate is not in a format recognized by CAPICOM (i.e. it's
not an X509 certificate).
- The certificate is in the card, but it wasn't copied into the local
store. I know, for instance, that the certs I put in my eToken PRO
storage do not appear until I insert the token and unless I specified
the driver to automatically load it.
- The certificate is present, but it's not in a usable state: missing
some important property, the linked key format isn't recognized,
expired, etc.

Good luck,
Stephane

Mark Gamache

Jul 14, 2005, 11:09:58 AM
How did the cert get onto the card? Maybe the cert needs to be accessed via
PKCS#11 and not CAPICOM?

Does the card show the cert if you use certutil -scinfo from the
command line?

Cheers,

--
Mark Gamache
Certified Security Solutions
http://www.css-security.com

"StuSquibb" <StuS...@discussions.microsoft.com> wrote in message
news:03BA83C4-0BA4-4FD3...@microsoft.com...

rongping

Sep 12, 2005, 1:31:03 PM
I am working on the exact same project as you. I use C# to open the smart
card store:
Store store = new Store();
store.Open(CAPICOM_STORE_LOCATION.CAPICOM_SMART_CARD_USER_STORE,"My",CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_READ_ONLY);
It failed with "System can not find the file specified". Do I need to do
something extra before I can call this function? Thanks.


Saleh Matani

Sep 13, 2005, 4:52:18 AM
Hello,
To open the smart card store using CAPICOM, you have to open the User
store; on insertion of the card, the smart card driver loads the
certificates into the User store, to be used as usual user (client)
certificates!

Then, to open the store, it has to be like this:

store.Open(CAPICOM_STORE_LOCATION.CAPICOM_CURRENT_USER_STORE,"My",CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_READ_ONLY);

If you are using the eToken smart cards, then you have to add the application
you created to
HKEY_LOCAL_MACHINE/SOFTWARE/Alladin/eTCertStore/(ProcLoadLocalIgnore).
With regedit you can access the registry to add that program without the
prefix! That means, for example, not MYAPPLICATION and not MYAPPLICATION.EXE;
you can also add DLLs or OCX files to this list.


I hope that can help you.

Saleh Matani
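
Added example, not part of any post in this thread: a C# console sketch of the check discussed above. It opens the current user's "My" store through CAPICOM and reports, for each certificate, whether a private key is linked and whether that key sits on a removable hardware device. It assumes the project references the CAPICOM 2 COM interop assembly; the class name ListCardCertificates is hypothetical.

```csharp
using System;
using System.Runtime.InteropServices;
using CAPICOM; // assumption: reference to the CAPICOM 2 COM interop assembly

class ListCardCertificates // hypothetical name, not from the thread
{
    static void Main()
    {
        // Certificates copied in by the card's driver show up in the
        // current user's "My" store, so open that store read-only.
        Store store = new StoreClass();
        store.Open(CAPICOM_STORE_LOCATION.CAPICOM_CURRENT_USER_STORE, "My",
                   CAPICOM_STORE_OPEN_MODE.CAPICOM_STORE_OPEN_READ_ONLY);

        Certificates certs = (Certificates)store.Certificates;
        Console.WriteLine("{0} certificate(s) in CurrentUser\\My", certs.Count);

        foreach (Certificate cert in certs)
        {
            Console.WriteLine(cert.SubjectName);
            Console.WriteLine("  valid until : {0}", cert.ValidToDate);

            // A certificate without a linked key can be read but not used to sign.
            if (!cert.HasPrivateKey())
            {
                Console.WriteLine("  private key : none linked");
                continue;
            }

            try
            {
                // Provider and container tell you which CSP (and so which
                // card or token driver) would service a signing request.
                IPrivateKey key = cert.PrivateKey;
                Console.WriteLine("  provider    : {0}", key.ProviderName);
                Console.WriteLine("  container   : {0}", key.ContainerName);
                Console.WriteLine("  hardware    : {0}", key.IsHardwareDevice());
                Console.WriteLine("  removable   : {0}", key.IsRemovable());
            }
            catch (COMException ex)
            {
                // Typical when the card is not inserted or its CSP is missing.
                Console.WriteLine("  private key : not reachable (0x{0:X8})", ex.ErrorCode);
            }
        }
    }
}
```

An empty listing with the card inserted points at the driver not copying certificates into the user store; an entry with no provider information points at the link between the certificate and its key.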

rongping

Sep 14, 2005, 9:48:06 AM
Thanks Saleh!
I still have some questions about retrieving the certificate from the Scard:
--Is the certificate automatically loaded by the driver every time you insert
the card into the reader? So we just need to detect if the card is in the reader.
--After I retrieve the certificate from CAPICOM_CURRENT_USER_STORE, I try
to sign data as follows:
********Code sample*********
SignedData signedData = new CAPICOM.SignedDataClass();
Utilities utility = new CAPICOM.UtilitiesClass();
Signer signer = new CAPICOM.Signer();
signer.Certificate = cert;
signer.Load(null,"1234");
signedData.Content = utility.ByteArrayToBinaryString(System.Text.Encoding.UTF8.GetBytes("this is just a test"));
string signedMessage = signedData.Sign(signer, false,CAPICOM.CAPICOM_ENCODING_TYPE.CAPICOM_ENCODE_BASE64);
***********End of code sample****************
I got the exception "Provider's public key is invalid"
--If the Scard is protected by a password, how can I provide my PIN to the
smart card in CAPICOM?
Thanks a lot

Rongping

Saleh Matani

Oct 28, 2005, 9:52:04 AM
rongping wrote:
> Thanks Saleh!
> I still have some questions about retrieving the certificate from the Scard:
> --Is the certificate automatically loaded by the driver every time you insert
> the card into the reader? So we just need to detect if the card is in the reader.

Yes, the certificate is automatically loaded by the driver every time you
insert the card reader, but to access the private key of your certificate you
have to enter the SC password every time you insert the smart card.

The certificate will be loaded into the User store (without the private key)
and stays there until you delete it manually.

> --After I retrieve the certificate from CAPICOM_CURRENT_USER_STORE, I try
> to sign data as follows:
> ********Code sample*********
> SignedData signedData = new CAPICOM.SignedDataClass();
> Utilities utility = new CAPICOM.UtilitiesClass();
> Signer signer = new CAPICOM.Signer();
> signer.Certificate = cert;
> signer.Load(null,"1234");
> signedData.Content = utility.ByteArrayToBinaryString(System.Text.Encoding.UTF8.GetBytes("this is just a test"));
> string signedMessage = signedData.Sign(signer, false,CAPICOM.CAPICOM_ENCODING_TYPE.CAPICOM_ENCODE_BASE64);
> ***********End of code sample****************

> I got the exception "Provider's public key is invalid"
> --If the Scard is protected by a password, how can I provide my PIN to the
> smart card in CAPICOM?

I do not know of any way to provide your password to the smart card over
CAPICOM; to do that you have to ask the smart card producer for an SDK with
examples! You can find this for Aladdin eTokens if you have that!

saleh at matani dot net ;)

So, if you have any questions please reply to the newsgroup with cc:
to saleh at matani dot net ;)

Saleh Matani
