[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Re: cert renewal and smartcard logon
From:       Eric Perlin <ericperl () MICROSOFT ! COM>
Date:       2001-09-19 16:33:24
[Download RAW message or body]


Just replace the current certificate.
That's what all the CSPs in the box do.

Even if the old cert is not in the card, it should still be in MyStore,
correctly linked to a container that still exists.

-----Original Message-----
From: Martin Leung [mailto:ccmartin@UST.HK]=20
Sent: Tuesday, August 21, 2001 7:28 PM
To: CryptoAPI@DISCUSS.MICROSOFT.COM
Subject: cert renewal and smartcard logon


Hi,

I am writing a CSP and have a question regarding smartcard logon. Will
logon fail after the certificate on the smartcard expired?

We renew certificate by keeping the old RSA key and the new certificate
will be effective right after the current certificate expired, i.e. no
overlap of certificate effective period. If the above is question is
true, how shall I code the CSP?

My idea is to have CPSetKeyParam/KP_CERTIFICATE to add cert. to the
container, not to replace. When CPGetKeyParam/KP_CERTIFICATE is called,
the CSP identifies the valid certificate and hands over to the caller. A
separate utility will be used to delete expired certificate from the
card. Will it work? Is that necessary?

Rgds.
Martin

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html . To unsubscribe,
mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

----------------------------------------------------------------
Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
contains important info. Save time, search the archives at
http://discuss.microsoft.com/archives/index.html .
To unsubscribe, mailto:CryptoAPI-signoff-request@DISCUSS.MICROSOFT.COM

[prev in list] [next in list] [prev in thread] [next in thread]