Hello,
I would like to test newly written minidriver for smartcard with ECC support (key generation, signing
works on the smartcard side - it was tested using PKCS#11 library). The problem is that I am not able to use smartcard via Microsoft Smart Card Key Storage Provider.
With RSA and Microsoft Base Smart Card Crypto Provider all works fine - CSRs were generated without issues. Problem is present on Windows 7 64bit and Windows 10 64 bit. My minidriver implementation
provides CardCreateContainer function which supports CARD_CREATE_CONTAINER_KEY_GEN as dwFlags and any dwKeySpec from AT_ECDSA_P256, AT_ECDSA_P384, or AT_ECDSA_P521.
Windowes registry is set as stated on the webpage, with ATR and ATR mask; minidriver.dll should works under BaseCSP and KSP, right? Card reader works fine, all drivers are up to date.
[part of the registry entry]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
"80000001"="C:\\Windows\\System32\\minidriver.dll"
I used certreq to generate keypair and prepare the CSR, and cspustil -csptest to get the provider name.
Question: What possibly went wrong with this request and where start to find looking for bugs in my minidriver code or configuration files / installation?
thanks in advance,
Michal
This is my certreq.inf
[NewRequest]
; At least one value must be set in this section
Subject = "CN=user@example.org"
Exportable = FALSE
KeyAlgorithm = ECDSA_P256
KeyLength = 0
KeySpec = AT_ECDSA_P256
KeyUsage = 0xd0
; certutil –csplistProviderName="Microsoft Smart Card Key Storage Provider"
Below is excerpt from output of the `csputil -csptest` command:
Provider Name: Microsoft Smart Card Key Storage Provider
Name: Microsoft Smart Card Key Storage Provider
HWND Handle:Binary:
0000 00 00 00 00 00 00 00 00 ........
Impl Type: 11 (0xb)
NCRYPT_IMPL_HARDWARE_FLAG -- 1
NCRYPT_IMPL_SOFTWARE_FLAG -- 2
NCRYPT_IMPL_REMOVABLE_FLAG -- 8
Version: 65536 (0x10000)
Pass
Provider Aliases:
Microsoft Base Smart Card Crypto Provider
Microsoft Smart Card Key Storage Provider
Provider Module:
UM(1): scksp.dll
0(1): 10001, 0
0: KEY_STORAGE
Asymmetric Encryption Algorithms:
RSA
BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE -- 3
NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION -- 4
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
Secret Agreement Algorithms:
ECDH_P256
BCRYPT_SECRET_AGREEMENT_INTERFACE -- 4
NCRYPT_SECRET_AGREEMENT_OPERATION -- 8
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDH_P384
BCRYPT_SECRET_AGREEMENT_INTERFACE -- 4
NCRYPT_SECRET_AGREEMENT_OPERATION -- 8
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDH_P521
BCRYPT_SECRET_AGREEMENT_INTERFACE -- 4
NCRYPT_SECRET_AGREEMENT_OPERATION -- 8
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
Signature Algorithms:
RSA
BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE -- 3
NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION -- 4
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDSA_P256
BCRYPT_SIGNATURE_INTERFACE -- 5
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDSA_P384
BCRYPT_SIGNATURE_INTERFACE -- 5
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDSA_P521
BCRYPT_SIGNATURE_INTERFACE -- 5
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
Asymmetric Algorithms:
RSA
BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE -- 3
NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION -- 4
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
NCryptCreatePersistedKey(Microsoft Smart Card Key Storage Provider, RSA)
Algorithm Group: RSA
Algorithm Name: RSA
Length: 2048 (0x800)
Lengths:
dwMinLength = 1024 (0x400)
dwMaxLength = 4096 (0x1000)
dwIncrement = 512 (0x200)
dwDefaultLength = 2048 (0x800)
Block Length: 256 (0x100)
UI Policy:
dwVersion = 1 (0x1)
dwFlags = 0 (0x0)
pszCreationTitle = (null)
pszFriendlyName = (null)
pszDescription = (null)
Export Policy: 0 (0x0)
HWND Handle:Binary:
0000 00 00 00 00 00 00 00 00 ........
Key Usage: 0 (0x0)
Pass
ECDH_P256
BCRYPT_SECRET_AGREEMENT_INTERFACE -- 4
NCRYPT_SECRET_AGREEMENT_OPERATION -- 8
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
NCryptCreatePersistedKey(Microsoft Smart Card Key Storage Provider, ECDH_P256)
Algorithm Group: ECDH
Algorithm Name: ECDH_P256
Length: 256 (0x100)
Lengths:
dwMinLength = 256 (0x100)
dwMaxLength = 256 (0x100)
dwIncrement = 0 (0x0)
dwDefaultLength = 256 (0x100)
UI Policy:
dwVersion = 1 (0x1)
dwFlags = 0 (0x0)
pszCreationTitle = (null)
pszFriendlyName = (null)
pszDescription = (null)
Export Policy: 0 (0x0)
HWND Handle:Binary:
0000 00 00 00 00 00 00 00 00 ........
Key Usage: 0 (0x0)
Pass
ECDH_P384
BCRYPT_SECRET_AGREEMENT_INTERFACE -- 4
NCRYPT_SECRET_AGREEMENT_OPERATION -- 8
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
NCryptCreatePersistedKey(Microsoft Smart Card Key Storage Provider, ECDH_P384)
Algorithm Group: ECDH
Algorithm Name: ECDH_P384
Length: 384 (0x180)
Lengths:
dwMinLength = 384 (0x180)
dwMaxLength = 384 (0x180)
dwIncrement = 0 (0x0)
dwDefaultLength = 384 (0x180)
UI Policy:
dwVersion = 1 (0x1)
dwFlags = 0 (0x0)
pszCreationTitle = (null)
pszFriendlyName = (null)
pszDescription = (null)
Export Policy: 0 (0x0)
HWND Handle:Binary:
0000 00 00 00 00 00 00 00 00 ........
Key Usage: 0 (0x0)
Pass
ECDH_P521
BCRYPT_SECRET_AGREEMENT_INTERFACE -- 4
NCRYPT_SECRET_AGREEMENT_OPERATION -- 8
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
NCryptCreatePersistedKey(Microsoft Smart Card Key Storage Provider, ECDH_P521)
Algorithm Group: ECDH
Algorithm Name: ECDH_P521
Length: 521 (0x209)
Lengths:
dwMinLength = 521 (0x209)
dwMaxLength = 521 (0x209)
dwIncrement = 0 (0x0)
dwDefaultLength = 521 (0x209)
UI Policy:
dwVersion = 1 (0x1)
dwFlags = 0 (0x0)
pszCreationTitle = (null)
pszFriendlyName = (null)
pszDescription = (null)
Export Policy: 0 (0x0)
HWND Handle:Binary:
0000 00 00 00 00 00 00 00 00 ........
Key Usage: 0 (0x0)
Pass
ECDSA_P256
BCRYPT_SIGNATURE_INTERFACE -- 5
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
NCryptCreatePersistedKey(Microsoft Smart Card Key Storage Provider, ECDSA_P256)
Algorithm Group: ECDSA
Algorithm Name: ECDSA_P256
Length: 256 (0x100)
Lengths:
dwMinLength = 256 (0x100)
dwMaxLength = 256 (0x100)
dwIncrement = 0 (0x0)
dwDefaultLength = 256 (0x100)
UI Policy:
dwVersion = 1 (0x1)
dwFlags = 0 (0x0)
pszCreationTitle = (null)
pszFriendlyName = (null)
pszDescription = (null)
Export Policy: 0 (0x0)
HWND Handle:Binary:
0000 00 00 00 00 00 00 00 00 ........
Key Usage: 0 (0x0)
Pass
ECDSA_P384
BCRYPT_SIGNATURE_INTERFACE -- 5
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
NCryptCreatePersistedKey(Microsoft Smart Card Key Storage Provider, ECDSA_P384)
Algorithm Group: ECDSA
Algorithm Name: ECDSA_P384
Length: 384 (0x180)
Lengths:
dwMinLength = 384 (0x180)
dwMaxLength = 384 (0x180)
dwIncrement = 0 (0x0)
dwDefaultLength = 384 (0x180)
UI Policy:
dwVersion = 1 (0x1)
dwFlags = 0 (0x0)
pszCreationTitle = (null)
pszFriendlyName = (null)
pszDescription = (null)
Export Policy: 0 (0x0)
HWND Handle:Binary:
0000 00 00 00 00 00 00 00 00 ........
Key Usage: 0 (0x0)
Pass
ECDSA_P521
BCRYPT_SIGNATURE_INTERFACE -- 5
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
NCryptCreatePersistedKey(Microsoft Smart Card Key Storage Provider, ECDSA_P521)
Algorithm Group: ECDSA
Algorithm Name: ECDSA_P521
Length: 521 (0x209)
Lengths:
dwMinLength = 521 (0x209)
dwMaxLength = 521 (0x209)
dwIncrement = 0 (0x0)
dwDefaultLength = 521 (0x209)
UI Policy:
dwVersion = 1 (0x1)
dwFlags = 0 (0x0)
pszCreationTitle = (null)
pszFriendlyName = (null)
pszDescription = (null)
Export Policy: 0 (0x0)
HWND Handle:Binary:
0000 00 00 00 00 00 00 00 00 ........
Key Usage: 0 (0x0)
Pass
All Algorithms:
RSA
BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE -- 3
NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION -- 4
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDH_P256
BCRYPT_SECRET_AGREEMENT_INTERFACE -- 4
NCRYPT_SECRET_AGREEMENT_OPERATION -- 8
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDH_P384
BCRYPT_SECRET_AGREEMENT_INTERFACE -- 4
NCRYPT_SECRET_AGREEMENT_OPERATION -- 8
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDH_P521
BCRYPT_SECRET_AGREEMENT_INTERFACE -- 4
NCRYPT_SECRET_AGREEMENT_OPERATION -- 8
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDSA_P256
BCRYPT_SIGNATURE_INTERFACE -- 5
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDSA_P384
BCRYPT_SIGNATURE_INTERFACE -- 5
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
ECDSA_P521
BCRYPT_SIGNATURE_INTERFACE -- 5
NCRYPT_SIGNATURE_OPERATION -- 10 (16)
BCryptEnumAlgorithms:
Hash Algorithms:
SHA256
SHA384
SHA512
SHA1
MD5
MD4
MD2
AES-GMAC
AES-CMAC
Asymmetric Encryption Algorithms:
RSA
Secret Agreement Algorithms:
DH
ECDH_P256
ECDH_P384
ECDH_P521
ECDH
Signature Algorithms:
RSA_SIGN
ECDSA_P256
ECDSA_P384
ECDSA_P521
ECDSA
DSA
Cipher Algorithms:
AES
dwMinLength=128 dwMaxLength=256 dwIncrement=64
3DES
dwMinLength=192 dwMaxLength=192 dwIncrement=0
3DES_112
dwMinLength=128 dwMaxLength=128 dwIncrement=0
XTS-AES
dwMinLength=256 dwMaxLength=512 dwIncrement=128
DESX
dwMinLength=192 dwMaxLength=192 dwIncrement=0
DES
dwMinLength=64 dwMaxLength=64 dwIncrement=0
RC2
dwMinLength=16 dwMaxLength=128 dwIncrement=8
RC4
dwMinLength=8 dwMaxLength=512 dwIncrement=8
RNG Algorithms:
RNG
FIPS186DSARNG
DUALECRNG
Asymmetric Algorithms:
RSA
DH
ECDH_P256
ECDH_P384
ECDH_P521
ECDH
RSA_SIGN
ECDSA_P256
ECDSA_P384
ECDSA_P521
ECDSA
DSA
All Algorithms:
AES
dwMinLength=128 dwMaxLength=256 dwIncrement=64
3DES
dwMinLength=192 dwMaxLength=192 dwIncrement=0
3DES_112
dwMinLength=128 dwMaxLength=128 dwIncrement=0
XTS-AES
dwMinLength=256 dwMaxLength=512 dwIncrement=128
DESX
dwMinLength=192 dwMaxLength=192 dwIncrement=0
DES
dwMinLength=64 dwMaxLength=64 dwIncrement=0
RC2
dwMinLength=16 dwMaxLength=128 dwIncrement=8
RC4
dwMinLength=8 dwMaxLength=512 dwIncrement=8
SHA256
SHA384
SHA512
SHA1
MD5
MD4
MD2
AES-GMAC
AES-CMAC
RSA
DH
ECDH_P256
ECDH_P384
ECDH_P521
ECDH
RSA_SIGN
ECDSA_P256
ECDSA_P384
ECDSA_P521
ECDSA
DSA
RNG
FIPS186DSARNG
DUALECRNG
SP800_108_CTR_HMAC
SP800_56A_CONCAT
PBKDF2
CAPI_KDF
TLS1_1_KDF
TLS1_2_KDF
CertUtil: -csptest command FAILED: 0x80090030 (-2146893776 NTE_DEVICE_NOT_READY)
