Smart Card's PIN gets cached

Hi, welcome back,

When we use a Smart Card with any application (e.g. Internet Explorer), the PIN that the user entered to access the card the first time may get cached and not be requested again during the life of the application. But what if we need the PIN to be requested every time we use the card with that application?

The Smart Card CSP (Cryptographic Service Provider) is in charge of the PIN cache. The PIN is cached by card/process/time.

We may have two possible solutions here:

1) The CSP has a parameter that we can set, e.g. in the registry, to disable the PIN cache. This depends on the CSP.

2) We can flush the cache with the CryptSetProvParam API, but not all CSPs implement this. The Microsoft Base Smart Card Crypto Provider implements it, for instance. This is how we should call this CryptoAPI function:

 CryptSetProvParam(hProv, PP_SIGNATURE_PIN, NULL, 0)
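The same call in context, as an added example rather than code from the original post: C# P/Invoke that opens a context on the Microsoft Base Smart Card Crypto Provider, flushes the cached PIN and reports when the CSP rejects the request. The class name, the FlushPinCache helper and the optional container-name argument are assumptions made for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class PinCacheExample // hypothetical name, not from the post
{
    // Constants as defined in wincrypt.h.
    const uint PROV_RSA_FULL = 1;
    const uint PP_SIGNATURE_PIN = 33;
    const string MS_SCARD_PROV = "Microsoft Base Smart Card Crypto Provider";

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CryptAcquireContext(out IntPtr hProv, string container,
        string provider, uint provType, uint flags);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptSetProvParam(IntPtr hProv, uint param, IntPtr data, uint flags);

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptReleaseContext(IntPtr hProv, uint flags);

    // Hypothetical helper: the call from the post, with its result checked.
    // Returns false when the CSP rejects the request (not every CSP implements it).
    static bool FlushPinCache(IntPtr hProv, out int error)
    {
        bool ok = CryptSetProvParam(hProv, PP_SIGNATURE_PIN, IntPtr.Zero, 0);
        error = ok ? 0 : Marshal.GetLastWin32Error();
        return ok;
    }

    static int Main(string[] args)
    {
        string container = args.Length > 0 ? args[0] : null; // null = default container
        IntPtr hProv;
        if (!CryptAcquireContext(out hProv, container, MS_SCARD_PROV, PROV_RSA_FULL, 0))
        {
            int acquireError = Marshal.GetLastWin32Error();
            Console.Error.WriteLine("CryptAcquireContext failed: " + new Win32Exception(acquireError).Message);
            return 1;
        }
        try
        {
            // The application's card operations (sign, decrypt) happen before this point.
            int error;
            if (FlushPinCache(hProv, out error)) { Console.WriteLine("PIN cache flushed."); return 0; }
            Console.Error.WriteLine("CSP did not flush the PIN cache (0x" + error.ToString("X8") + "): "
                + new Win32Exception(error).Message);
            return 2;
        }
        finally { CryptReleaseContext(hProv, 0); }
    }
}
```

Because the PIN is cached per process, the flush has to run inside the application whose cached PIN should be dropped.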

 

I hope this helps.

Cheers,

 

Alex (Alejandro Campos Magencio)