Unexpected black screen when using a custom Credential Provider

Hi all, Some time ago I had a customer who had developed a custom credential provider to use with a third-party smartcard provider. This credential provider was a wrapper of MS Smartcard Credential Provider. They also put a credential provider filter in place to hide MS Smartcard Credential Provider. Now, from time to time,…

X509Certificate2 raises "The Smart card resource manager is not running" exception

Hi all, Some time ago a customer of mine was getting a CryptographicException with message “The Smart card resource manager is not running” when using an X509Certificate2 object in a Windows service. This was the call stack at the point of exception:

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer,…

SCardEstablishContext fails with SCARD_E_NO_SERVICE error

Hi all, If you call SCardEstablishContext API in a Windows service running under a specific user account (domain\user) or NETWORK SERVICE, you may get the following error on Vista/Server 2008 or Windows 7/Server 2008 R2: 0x8010001d – SCARD_E_NO_SERVICE – “The Smart card resource manager is not running.”. If the service runs as SYSTEM, the same…

An aborted process that reads from a smartcard causes a 2nd reader process to hang

Hi all, I’m currently working on the following issue on Windows Vista SP2 and Windows 7 RTM which doesn’t happen on Windows XP SP3: if a process that reads from a smart card is aborted unexpectedly after a call to SCardBeginTransaction without calling SCardEndTransaction, other instances of the same application or any other application using…

How to enumerate all certificates on a smart card (PowerShell)

Hi all, Some time ago I assisted my colleague Jeff Bowles with the development of a PowerShell script which enumerates all certificates on a smart card. Basically the replacement to CAPICOM.Store.Open CAPICOM_SMART_CARD_USER_STORE. He developed a sample that returns a System.Security.Cryptography.X509Certificates.X509Store object with the certificates in the card. The sample tries to emulate what logonUI.exe does during smart…

ExportParameters returns Invalid type specified error

Hi all, Some time ago a customer of mine was trying to export the private key associated to a certificate stored in a smart card, and for that he was trying to use the RSACryptoServiceProvider.ExportParameters method with a code like the following: ” System.Security.Cryptography.X509Certificates.X509Certificate2 cert = GetCert(certName); RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey; RSAParameters params =…

How to clean up expired certs on your smart card

Hi all, The other day a colleague of mine was trying to renew his smart card certificate, but he got an error telling him that there was not enough space in the card to store the new cert. So he asked me: Alex, how can I delete a certificate from my smart card so there is…

PKCS#11 interface support on Windows 2000/Server 2003

Hi all, welcome back, I recently had some issues involving PKCS#11 interface on Windows, and it seems quite clear that we don’t support it, at least on Windows 2000 & Server 2003, and as far as I know on any other version of Windows: Public Key Interoperability “Hardware Support …Windows 2000 uses CryptoAPI to abstract hardware-based key…

How to select which Smart Card reader to perform actions on

Hi all, welcome back, Most of the time we only have a smart card reader in our machine, and we only use one smart card to perform crypto operations. But what if we have several readers and cards, and those cards share the same CSP (Cryptographic Service Provider)? Can we select the one we want…

SCardGetStatusChange fails with SCARD_E_NO_SERVICE error

Hi, welcome back, Smart Card Redirection on Microsoft Remote Desktop Protocol (RDP) client 6.0 may cause SCardGetStatusChange to fail with error 0x8010001d – SCARD_E_NO_SERVICE – “The Smart card resource manager is not running.”. When a user connects from her machine A (i.e. Windows XP SP2) to a remote machine B (i.e. Windows Vista) using Microsoft RDP client,…