
List:       ms-cryptoapi
Subject:    AW: CSP, Certificates and Smartcards
From:       Peter Bodenmann <peter.bodenmann () GMX ! CH>
Date:       2000-10-30 21:38:13


Hello Tom & Peter,

No, your logging CSP does the right thing. The SetKeyParam function is only
called for smart card CSPs, not for the software implementations. You need
to specify that you're a smart card CSP by returning CRYPT_IMPL_MIXED |
CRYPT_IMPL_REMOVABLE in calls to GetProvParam (PP_IMPTYPE).

Peter

-----Original Message-----
From:    Peto Bori [SMTP:smartwin2000@HOTMAIL.COM]
Sent:    Monday, 30 October 2000 16:34
To:      CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: Re: CSP, Certificates and Smartcards

Hello Peter,

What we have done now is created a CSP that passes all the calls through
to the Microsoft CSP to see what functions are called. The information
is printed to a file.
The certificate is generated but we still can't see where the function
setKeyParam is called.

How many threads are working on the enrollment? Because we print all
our debug information to a file.... maybe we are missing parts of our debug
because of the different threads.

I know we are missing something obvious...

Thanks in advance

Tom Rixom &
Peter Boevink.

----- Original Message -----
From: "Peter Bodenmann" <peter.bodenmann@GMX.CH>
To: <CryptoAPI@DISCUSS.MICROSOFT.COM>
Sent: Monday, October 30, 2000 2:33 PM
Subject: Re: CSP, Certificates and Smartcards


> No, you don't need to support schannel functions.
> The documented usage of KP_CERTIFICATE has nothing to do with what you want
> to do.
> My CSP, which is of type RSA_FULL only supporting the logon functionality,
> is called with this flag. And during logon the function CPGetKeyParam is
> called with the same flag to retrieve the certificate from the smart card.
>
> Probably you've got an error before the certificate can be installed.
>
> Peter
>
> -----Original Message-----
> From:    Peto Bori [SMTP:smartwin2000@HOTMAIL.COM]
> Sent:    Monday, 30 October 2000 09:23
> To:      CryptoAPI@DISCUSS.MICROSOFT.COM
> Subject: Re: AW: CSP, Certificates and Smartcards
>
> Hello,
>
> Thank you for responding.
>
> But the function setKeyParam is never called using our CSP. And the
> KP_CERTIFICATE is only used
> within the schannel context (according to the SDK july 2000).
>
> Our CSP now supports RSA_FULL, but what you're saying is that we also
> need to support the schannel extensions?
>
> And to do that would we have to return the SSL3 SHAMD5 algorithm when
> getProvParam( enumalg ) is called?
>
> Tom Rixom &
> Peter Boevink.
>
> ----- Original Message -----
> From: "Peter Bodenmann" <peter.bodenmann@GMX.CH>
> To: <CryptoAPI@DISCUSS.MICROSOFT.COM>
> Sent: Friday, October 27, 2000 9:59 PM
> Subject: AW: CSP, Certificates and Smartcards
>
>
> > Hi,
> >
> > The last thing in a successful enrollment is "Install Certificate", which
> > publishes the certificate in the active directory and stores it on the
> > smart card. The latter is done by calling CPSetKeyParam with parameter
> > KP_CERTIFICATE.
> > (The length of the buffer that is passed to this function you have to
> > determine by parsing the ASN.1 structure of the certificate)
> >
> > Peter Bodenmann
> >
> >
> > ------------------------------------------------------
> > WinTrust                        phone +41 52 335 45 25
> > Peter Bodenmann                mobile +41 78 644 58 86
> > Hochgruetstr. 10          e-mail peter.bodenmann@gmx.ch
> > 8472 Seuzach
> > Switzerland
> >
> >
> >
> >
> > From:    Peto Bori [SMTP:smartwin2000@HOTMAIL.COM]
> > Sent:    Friday, 27 October 2000 16:59
> > To:      CryptoAPI@DISCUSS.MICROSOFT.COM
> > Subject: Re: CSP, Certificates and Smartcards
> >
> > Thank you for responding,
> >
> > But to write a certificate onto a smart card an application must call
> > something that knows how to write such a certificate onto a specific
> > smart card.
> >
> > We are writing a CSP which can be used to enroll smart card users. It
> > creates the keyset on the smart card successfully and a certificate is
> > generated in the specific CA, but the enrollment then fails with an error
> > code.
> >
> > This is because we are missing the functionality needed to write that
> > certificate onto the smart card. (we think)
> >
> > I would think the CSP would also handle the certificate functionality but
> > there is no indication of how to do this in the documentation or if this
> > is the right thing to do.
> >
> > So we are still stuck with the question: "How do I write the certificate
> > onto a smartcard?"?
> > Anyone?
> >
> > Tom Rixom &
> > Peter Boevink
> >
> > ----- Original Message -----
> > From: "Greg Stark" <gstark@ethentica.com>
> > To: <smartwin2000@HOTMAIL.COM>
> > Sent: Friday, October 27, 2000 3:49 PM
> > Subject: Re: CSP, Certificates and Smartcards
> >
> >
> > > The certificates are created and managed entirely by the application
> > > which is using your CSP, e.g. Outlook Express. The CSP only gives (and
> > > gets) public keys. The CSP does handle all the management of private
> > > keys and these are normally stored protected on the smart card. I
> > > suppose a good application could be aware of the presence of a smart
> > > card and attempt to store the certificate there as well for portability
> > > reasons, but I don't believe any of the Crypto SPI functions (CP**)
> > > address this.
> > >
> > > Greg Stark, gstark@ethentica.com
> > > Chief Security Architect
> > > Ethentica, Inc.
> > > www.ethentica.com
> > >
> > >
> > > ----- Original Message -----
> > > From: "Peto Bori" <smartwin2000@HOTMAIL.COM>
> > > To: <CryptoAPI@DISCUSS.MICROSOFT.COM>
> > > Sent: Friday, October 27, 2000 6:33 AM
> > > Subject: CSP, Certificates and Smartcards
> > >
> > >
> > > Hello,
> > >
> > > I have a question about CSPs and Smartcards.
> > >
> > > Even if you setup all the functions correctly for an RSA_FULL CSP
> > > such as signing, hashing, etc... when is the Certificate produced
> > > actually stored on the smartcard?
> > >
> > > Does the CSP have to register Certificate functions?
> > >
> > > Tom Rixom &
> > > Peter Boevink
> > >
> > > ----------------------------------------------------------------
> > > Users Guide http://msdn.microsoft.com/workshop/essentials/mail.asp
> > > contains important info including how to unsubscribe.  Save time, search
> > > the archives at http://discuss.microsoft.com/archives/index.html
> > >
>
>
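
The 27 October reply quoted above notes that the CSP has to find the certificate's length by parsing its ASN.1 structure, since CPSetKeyParam passes the KP_CERTIFICATE buffer without a length argument. The following is an added example, not code from this thread or from any CSP discussed in it; the function name `der_cert_total_len`, the `MAX_CERT_LEN` cap and the sample header bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound on what the card file can hold (hypothetical value). */
#define MAX_CERT_LEN 8192u

/* Constructed sample headers (not taken from a real certificate). */
static const uint8_t SAMPLE_OK[]         = {0x30, 0x82, 0x03, 0xA5};
static const uint8_t SAMPLE_INDEFINITE[] = {0x30, 0x80, 0x00, 0x00};
static const uint8_t SAMPLE_TOO_BIG[]    = {0x30, 0x83, 0x01, 0x00, 0x00};
static const uint8_t SAMPLE_NONMINIMAL[] = {0x30, 0x81, 0x7F};

/*
 * Return the total encoded size (header + content) of the DER SEQUENCE that
 * starts at buf, or 0 if the header is not acceptable. Only header bytes are
 * read (at most 2 + 4). The caller has no buffer length to compare against,
 * so the result is capped before it is ever used for a copy or a card write.
 */
size_t der_cert_total_len(const uint8_t *buf)
{
    size_t len = 0, hdr = 2;
    unsigned n, i;

    if (buf == NULL || buf[0] != 0x30)   /* must be a universal SEQUENCE */
        return 0;
    if (buf[1] < 0x80) {                 /* short form: one length byte */
        len = buf[1];
    } else {
        n = buf[1] & 0x7Fu;              /* long form: n length bytes follow */
        if (n == 0 || n > 4)             /* 0x80 is indefinite, invalid in DER */
            return 0;
        for (i = 0; i < n; i++)
            len = (len << 8) | buf[2 + i];
        if (buf[2] == 0x00 || len < 0x80) /* non-minimal encoding */
            return 0;
        hdr += n;
    }
    if (len > MAX_CERT_LEN - hdr)        /* reject before hdr + len is formed */
        return 0;
    return hdr + len;
}

int main(void)
{
    printf("accepted header  -> %zu bytes\n", der_cert_total_len(SAMPLE_OK));
    printf("indefinite form  -> %zu\n", der_cert_total_len(SAMPLE_INDEFINITE));
    printf("oversized length -> %zu\n", der_cert_total_len(SAMPLE_TOO_BIG));
    return 0;
}
```

A return value of 0 should make the CSP fail the call rather than fall back to any default length, because the length field is the only bound it has on the caller's buffer.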
