Automatically Obtain the PKCS#11 Driver Path


victor...@gmail.com

Jul 19, 2016, 3:56:58 AM
to Pkcs11Interop
Hello,

Is there any method to autodetect the installed PKCS#11 modules and extract the path to those modules?

For example, if Aladdin eToken PRO is installed, the method must automatically obtain the path to the PKCS#11 DLL that is: "c:\Windows\System32\eTPKCS11.dll"

I have found a registry value that returns the path to the CSP but not the path to the PKCS#11 driver.

The registry key is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\

The main idea is to not force the user to manually enter the path to his PKCS#11 smart card driver.

Do you have a solution for this?

Regards,
Victor


Jaroslav Imrich

Jul 20, 2016, 4:07:30 PM
to Pkcs11Interop, victor...@gmail.com
Hello Victor,

> Is there any method to autodetect the installed PKCS#11 modules and extract the path to those modules?

I am not aware of such a method. Some/most Linux distributions use p11-kit [0], which provides the capability of centrally registering available PKCS#11 modules and querying the list via a custom ANSI C library or a PKCS#11 proxy module. However, it is an "opt-in" registration and vendors may ignore it.

[0] https://p11-glue.freedesktop.org/p11-kit.html

> For example, if Aladdin eToken PRO is installed, the method must automatically obtain the path to the PKCS#11 DLL that is: "c:\Windows\System32\eTPKCS11.dll"
>
> I have found a registry value that returns the path to the CSP but not the path to the PKCS#11 driver.
>
> The registry key is:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\

CSPs (Cryptographic Service Providers) are plugins for Microsoft Crypto API and they are first class citizens in Windows OS. They are centrally managed, one can acquire their list via native Windows APIs, you can access them via a single CryptoAPI (much less powerful than the PKCS#11 API), etc. It is sad but AFAIK no similar infrastructure exists in Windows OS for PKCS#11 modules.

> The main idea is to not force the user to manually enter the path to his PKCS#11 smart card driver.

If you are working with a single card/token or a small number of different cards/tokens, you can "hardcode" library paths/names and present a predefined list to the user.


Regards, Jaroslav
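
The predefined-list approach suggested above, as an added example that is not part of the original thread or of the Pkcs11Interop project: it keeps only candidates that resolve to an existing file under a system-protected directory, then loads each one to confirm it is a PKCS#11 module. It assumes the Pkcs11Interop 5.x API; the class name, the helper names and the second candidate path are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

static class Pkcs11ModuleProbe   // hypothetical helper, not part of Pkcs11Interop
{
    // Candidate list shipped with the application. The first path is the one
    // quoted in the thread; the second is a constructed placeholder.
    static readonly string[] Candidates =
    {
        @"C:\Windows\System32\eTPKCS11.dll",
        @"C:\Program Files\ExampleVendor\example-pkcs11.dll",
    };

    // Directories that standard users cannot write to by default.
    static readonly string[] TrustedRoots = new[]
    {
        Environment.GetFolderPath(Environment.SpecialFolder.System),
        Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles),
        Environment.GetFolderPath(Environment.SpecialFolder.ProgramFilesX86),
    }.Where(r => r.Length > 0).ToArray();

    // Expects an already normalized absolute path.
    static bool IsTrusted(string fullPath) =>
        File.Exists(fullPath) && TrustedRoots.Any(root => fullPath.StartsWith(
            root.TrimEnd('\\') + "\\", StringComparison.OrdinalIgnoreCase));

    // Returns (path, description) pairs for modules that are present and load cleanly.
    public static List<KeyValuePair<string, string>> FindInstalledModules()
    {
        var found = new List<KeyValuePair<string, string>>();
        var factories = new Pkcs11InteropFactories();
        // GetFullPath collapses ".." segments, so the check and the load see the same
        // absolute path and the DLL search order is never consulted.
        foreach (string path in Candidates.Select(Path.GetFullPath).Where(IsTrusted))
        {
            try
            {
                // Loading a module runs its code in this process, hence the check above.
                using (IPkcs11Library lib = factories.Pkcs11LibraryFactory
                           .LoadPkcs11Library(factories, path, AppType.MultiThreaded))
                {
                    ILibraryInfo info = lib.GetInfo();
                    found.Add(new KeyValuePair<string, string>(
                        path, info.ManufacturerId + " " + info.LibraryDescription));
                }
            }
            catch (Exception) { /* wrong bitness, not a PKCS#11 module, init failed: skip */ }
        }
        return found;
    }
}
```

The returned pairs can be bound directly to the listbox, so the user only sees modules that are actually installed.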

victor...@gmail.com

Jul 21, 2016, 4:13:58 AM
to Pkcs11Interop, victor...@gmail.com
Hello Jaroslav,

Based on your advice, we will hardcode the library paths and we will add them to a listbox in order to be selected by the user.

Thank you for your willingness to help.

Pkcs11Interop is a great product.

Victor