Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
What's the mean of PIN cache in smart card csp
161 views
Skip to first unread message
Skybird Le
Dec 11, 2007, 4:52:27 AM12/11/07
to
Hi, every one
In "The Smart Card Cryptographic Service Provider Cookbook"
whose URL is http://msdn2.microsoft.com/en-us/library/ms953432.aspx,
there is a "PIN caching" Design Considerations. I read it one time and
again and again, but still can not get its mean. How can I add the PIN
to the cache with the logon ID for the security context of the current
thread?
I notice it is very important, because the "Microsoft Base Smart Card Crypto Provider"
can behave correctly with "checkpoint SecureClient NGX R60 HFA2" in
vista, but my csp can not work perfectly. Checkpoint SecureClient's
SR_Service.exe is a service, it call csp at first and then create a
child process SR_CAPI.exe with normal user's identity. The SR_CAPI.exe
calls csp to generate rsa key pair and sigh hash, during this progress
the csp will require smart card PIN with prompting PIN dialog, so
SR_CAPI.exe process's csp state is smart card pin provided and the pin
is cached in process. Now the SR_Service.exe will call csp to sign hash
using the generated rsa key bu SR_CAPI.exe, the "Microsoft Base Smart Card Crypto Provider" does not
prompt PIN dialog as this process's csp state is pin provided and cached,
but my csp will prompt to require smart card PIN.
According to smart card csp cookbook, the pin cache is
per-process, so the pin cache should not shared by two process, but why
"Microsoft Base Smart Card Crypto Provider" can share the pin cache in
two different process?
I expect your help!
Skybird Le
Skybird Le
Dec 11, 2007, 5:05:05 AM12/11/07
to
I know how to get logon id by using Windows function OpenProcessToken, OpenThreadToken
and GetTokenInformation(TokenStatistics), but should SR_Service.exe and
SR_CAPI.exe share the pin cache ?
and GetTokenInformation(TokenStatistics), but should SR_Service.exe and
SR_CAPI.exe share the pin cache ?
Skybird Le
Dec 12, 2007, 3:37:17 AM12/12/07
to
Can any one give me some help ?
On Tue, 11 Dec 2007 18:05:05 +0800
Skybird Le
Dec 16, 2007, 8:30:28 PM12/16/07
to
Thanks a lot. I mistook the checkpoint's meaning. The SR_Service.exe
process uses the SR_CAPI.exe generated rsa key pair to sign hash to get
the signature's length only, so the CSP should not prompt the PIN dialog,
it is not to get the signature.
process uses the SR_CAPI.exe generated rsa key pair to sign hash to get
the signature's length only, so the CSP should not prompt the PIN dialog,
it is not to get the signature.
0 new messages