'Re: WinXP Login, problem with CSP'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: WinXP Login, problem with CSP
From:       Eric Perlin <ericperl () MICROSOFT ! COM>
Date:       2001-09-19 16:30:27
[Download RAW message or body]


The sequence has indeed changed.
It shouldn't be a problem though as the 2 containers acquired are the
same and the PIN presented to one should be available to the second.
The PIN is a characteristic of a card, not of a HCRYPTPROV.

BTW, your CSP should never display its own UI to request the PIN as all
the AcquireContext specify the SILENT flag.

-----Original Message-----
From: Mikael Holm [mailto:mikaelholm_smarttrust@HOTMAIL.COM]=20
Sent: Tuesday, August 21, 2001 8:50 AM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: WinXP Login, problem with CSP


Hello,

My name is Mikael Holm and I work at SmartTrust in Sweden.

I have a problem with SmartCard login on WinXP Beta 2 using our CSP and
just need to check if anyone else has encountered the same behaviour.

I get a pretty different calling sequence to the CSP in the WinXP case
compared to the Win2K sequence. On XP this results in the user having to
supply the PIN for the smartcard twice.

In Win2K the functions called in the CSP are:

CPAquireContext
CPSetProvParam (where the keyexchange PIN is set)
CPGetUserKey
CPGetKeyParam (KP_CERTIFICATE attribute)
... a few other calls...
CPAquireContext (again)
...a lot of other calls...
and then eventually CPSignHash using the first context
...all is well

In WinXP:
CPAquireContext
CPGetUserKey (ie. no CPSetProvParam to set the PIN here)
...it then continues with a few calls and then... CPAquireContext
(again, just as W2K) ...a few more calls, among them CPSetProvParam to
supply PIN for the second context ) and then eventually CPSignHash using
the first context, which has never gotten any PIN and hence our CSP pops
up a PIN dialog. This is the reason the user has to supply PIN twice,
once at the login dialog, and once at our CSP dialog. ...all is well
except the PIN problem as described


I'm not sure what is causing this behaviour. Any ideas would be greatly
appreciated. I could supply the complete function calling sequence with
parameter values in case anyone is interested and willing to help.


Kind Regards,


/Mikael


PS. Use mailto:mikael.holm@smarttrust.com for private replies. Hotmail
is used to avoid spam...

_________________________________________________________________
Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html . To unsubscribe,
mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic