How to select which Smart Card reader to perform actions on

Hi all, welcome back,

Most of the time we only have a smart card reader in our machine, and we only use one smart card to perform crypto operations. But what if we have several readers and cards, and those cards share the same CSP (Cryptographic Service Provider)? Can we select the one we want to use when working with CryptoAPI/XEnroll/CertEnroll?

Let's take a look to XEnroll, for instance: We can set WriteCertToCSP Property of the ICEnroll4 Interface to TRUE so the certificates will be written to the smart card in addition to being written to "MY" store when calling i.e. acceptPKCS7 method (Note: WriteCertToCSP is TRUE by default). But apparently we can't specify which card we want to write the cert to. So what happens if we have two cards with same CSP inserted at the same time? Well, in this case the CSP itself will be responsible of giving the user the possibility to choose the card it wants. When we enroll the cert, the CSP should show a dialog so we can choose the appropiate card.

As you sure know, XEnroll won’t work on Vista. Vista now uses the new certificate enrollment component CertEnroll (see Certificate Enrollment API for more info). But my comments still apply here: the CSP should help us to choose the card.

And what if we want to do the selection programmatically? Can that be done? Yes, we may be able to do it. If we want to select the card for the CSP then we should figure out which reader the card is in, and then use the " \\.\<Reader Name>\ " format for the container name when calling CryptAcquireContext API, for instance. If we also know the container name we can use " \\.\<Reader Name>\<Container Name>\ " (See the smart card white paper for more details on our MS Base CSP). The CSP should be able to work with the right card.

I hope this helps.
Cheers,

Alex (Alejandro Campos Magencio)