I am writing a simple smart card PIN validation client.
I have reached up to the PIN UI. The CreateSignHash function displays the PIN and,
after I enter a valid PIN for the smart card, it throws "an internal error
occurred".
Here are my steps for smart card validation.
1. Loop through all smart card readers and select the one which has a
card.
2. After finding the reader with a card, get the certificate from the
card and then generate the SHA1 hash from the certificate.
3. Call CryptSignHash, which displays the PIN UI from the provider.
4. Enter the PIN, which will be validated, and generate the
signature.
I would appreciate it if someone could help me with why CreateSignHash throws
"internal error" and how I can know what's wrong with the card, the reader or
the code itself.
I have personalized two cards, one with Cryptoflex
Windows 2000 and the other with Cryptoflex Windows XP.
The card which was personalized using XP gives "internal error" when
calling the CreateSignHash function,
and the card with Windows 2000 gives error 0x80100022 "This smart card
does not support the requested feature."
Does anyone know what could be wrong? I would be willing to provide more
info to resolve this issue.
Thanks
MP
You may be right, maybe I did not explain the problem, and sorry
about my bad English. I should have mentioned this, but anyway, I am
glad that you replied to my post and mentioned some good points about my
post.
I am also very new to smart cards and Crypto API, so please feel
free to ask any questions that you think will help me to
find the problem.
Here is some information about my problem.
1. I am using an Omnikey Smart Card Reader. Only one reader with two
smart cards.
2. I have two smart cards. Both are personalized with different
configurations but for the same Active Directory user.
I am using the "Schlumberger Personalization Tool" to personalize the
cards. I have three different configurations: A. Standard Cryptoflex, B.
Cryptoflex Windows 2K, C. Cryptoflex XP.
There are three XML files which are used for personalizing the smart
card. I think these three XML files have commands like APDUs for
configuring the cards. I don't know much detail about this. I think
they come with the personalization tool.
I am using the same Active Directory user profile to configure both
cards.
3. I am using the B and C configuration files to personalize the cards.
4. In the C++ program, I am doing the following things.
- Iterating over all the readers to find the one which has a card.
- Once the reader with a card is found, I retrieve the ATR from the card.
- Using the ATR, finding the CSP provider.
- Using CryptAcquireContext, I acquire the context with the
card name and the CSP name found in the step above, passing 0 in the
last parameter so I can do KEYEXCHANGE and so the provider will
display the PIN validation UI.
- Retrieve the certificate from the card and store it in a temporary
file.
- Using CryptAcquireCertificatePrivateKey with the
CRYPT_ACQUIRE_COMPARE_KEY_FLAG parameter, I initialize the
HCRYPTPROV.
- Generate the SHA1 hash from the certificate. Here I initialize the
HCRYPTHASH object using the HCRYPTPROV object I got from the step above. I
call these methods:
CryptCreateHash, CryptHashData, CryptGetHashParam (to find the
HP_HASHSIZE), CryptGetHashParam (to initialize the HP_HASHVAL).
- Calling CryptSignHash with AT_KEYEXCHANGE to find the signature
length.
- Calling CryptSignHash with AT_KEYEXCHANGE to get the signature
value. Here the PIN UI is displayed from the CSP provider, which
is Axalto in my case.
- After entering a valid PIN, I get "An internal error occurred".
This error occurred for the card which was configured for Cryptoflex
Windows XP.
And for the card with Cryptoflex Windows 2K, I get the error
"smart card does not support feature requested".
Let me know if you need further information for any step I described
above.
Both cards work fine if I configure the Active Directory user with
smart card logon. If I lock the computer and insert the smart card
with a valid PIN entered for the card, then I can log in to the machine
without any problem.
So I am sure there is something wrong with either generating the SHA1 hash
or configuring the card or calling the Crypt functions.
Thanks,
Mitesh
--------------
Performing AT_KEYEXCHANGE public key matching test...
Public key matching test succeeded
Key Container = f8afe460-76e3-4974-b7d7-2b9001509c58
Provider = Axalto Cryptographic Service Provider
ProviderType = 1
Flags = 1
KeySpec = 1
420.588.0: 0x80090020 (-2146893792)
ERROR: Certificate public key does NOT match private key
317.686.0: 0x80090020 (-2146893792)
------------------
Does anyone here know what's wrong?
Thanks
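
The error codes quoted in this thread, split into their HRESULT fields, as an added example that is not part of the original posts. The symbolic names and facility numbers are the ones defined in the Windows SDK header winerror.h; the helper names (`decode_hresult`, `hresult_from_signed`, `facility_name`) are hypothetical. The facility field shows which subsystem defined each code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HRESULT layout: bit 31 = severity, bits 16-26 = facility, bits 0-15 = code. */
typedef struct {
    int failed;
    unsigned facility;
    unsigned code;
    const char *name;   /* symbolic name from winerror.h, or "unknown" */
} hresult_info;

/* Only the two codes quoted in the thread are listed here. */
static const struct { uint32_t hr; const char *name; } known[] = {
    { 0x80090020u, "NTE_FAIL" },                    /* "An internal error occurred." */
    { 0x80100022u, "SCARD_E_UNSUPPORTED_FEATURE" }, /* "...does not support the requested feature." */
};

/* certutil prints each code as hex and as signed decimal; map the latter back. */
uint32_t hresult_from_signed(int32_t v) { return (uint32_t)v; }

hresult_info decode_hresult(uint32_t hr)
{
    hresult_info i;
    i.failed = (int)((hr >> 31) & 1u);
    i.facility = (hr >> 16) & 0x7FFu;
    i.code = hr & 0xFFFFu;
    i.name = "unknown";
    for (size_t k = 0; k < sizeof known / sizeof known[0]; k++)
        if (known[k].hr == hr) i.name = known[k].name;
    return i;
}

const char *facility_name(unsigned f)
{
    switch (f) {
    case 9:  return "FACILITY_SSPI";  /* CryptoAPI / CSP codes (NTE_*) */
    case 16: return "FACILITY_SCARD"; /* smart card subsystem codes (SCARD_*) */
    default: return "other";
    }
}

int main(void)
{
    /* Values copied from the posts: the first as hex, the second as certutil's decimal. */
    uint32_t samples[] = { 0x80100022u, hresult_from_signed(-2146893792) };
    for (size_t k = 0; k < 2; k++) {
        hresult_info i = decode_hresult(samples[k]);
        printf("0x%08X failed=%d %s code=0x%04X %s\n", (unsigned)samples[k],
               i.failed, facility_name(i.facility), i.code, i.name);
    }
    return 0;
}
```

The decimal value in the certutil output decodes to the same 0x80090020 (NTE_FAIL) whose message text is "An internal error occurred."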