Ilias,
don't look for file structure or APDU set, µsoft didn't define them.
a windows application never (except for specific needs) accesses a card's services
or data by APDU, instead the API of the Cryptographic Service Providers is
used (the famous "CSP functions" - "CPxxxxx").
you're right to say that one may buy a smartcard somewhere and some
cardlets elsewhere, but for most usual needs these two parts are not
enough and you want (or have) to use a card driver like a CSP module or a
PKCS#11 driver; at least it's what happens with the w2k card login: when a
card is inserted, a dedicated CSP (w2k comes with some CSPs for some
existing cards and others will be added on incoming SP) manages that card
in order to have a cert temporarily mounted into the registry, the system
then transmits it to the "domain server" that, I guess, compares it with its
own data, the big new thing of w2k server is that the user list contains a
new field used to store such a cert (as far as I know no
signature/authentication is performed).
so, to create your own "login card", you can use the smartcard of your
choice, with the OS you prefer (it can be JavaCard or Multos, W4SC is not
mandatory) and you can implement just a Read Binary command ... but you'll
also have to implement a CSP that manages that card, implement all
functions used during that login (your question remains the same), have
that CSP signed by MS and installed on end-user system.
Sylvain.
At 09:08 17/04/01 +0300, you wrote:
>Hi all,
>Very good link Karl! But still I could not find the actual structure of
>files on the card (I didn't expect to find them to be honest) or the APDU
>commands used. Any more ideas?
>
>Regards,
>Ilias
>
>At 08:12 AM 13/4/2001 +0200, you wrote:
>>hi,
>>
>>perhaps
>>
>>http://msdn.microsoft.com/library/default.asp?PP=/library/toc/psdk/security/security0-2-1.xml&tocPath=security0-2-1&URL=/library/psdk/logauth/winlogon_portal_2hb9.htm
>>
>>can help you.
>>
>>regards
>>
>> Karl
>>
>> > -----Original Message-----
>> > From: Nicholas Schuetz [mailto:[EMAIL PROTECTED]]
>> > Sent: Friday, April 13, 2001 6:18 AM
>> > To: Focus on Microsoft Mailing List; [EMAIL PROTECTED];
>> > [EMAIL PROTECTED]
>> > Subject: [OCF] Re: Windows 2000 smartcard login
>> >
>> >
>> > Gary,
>> >
>> > Thanks for your polite reply.
>> >
>> > PCSC is more of a Hardware specification. The
>> > Linux/UNIX/Mac implementation of PCSC can be found at
>> > www.linuxnet.com. This is not what I am looking for.
>> >
>> > I am looking for the actual application specs for the
>> > app that goes on the smart card. Something like the
>> > manual for creating a smart card for Windows 2000
>> > login. I would also like to know what cards are or can
>> > be used for this (Multiflex, GemXpresso etc.).
>> >
>> > I want to create a Smart Card for logging into Windows
>> > 2000 Pro at startup using their interface.
>> >
>> > Nick
>> >
>> > --- Gary McIntyre <[EMAIL PROTECTED]> wrote:
>> > > Nick,
>> > >
>> > > As you probably already know, there are a number of
>> > > standards out there for smart card integration. You
>> > > may want to start by taking a look at the PC/SC
>> > > implementation for Windows as it is documented in
>> > > the MS Platform DDK and SDK CDs. Some time back,
>> > > Microsoft chose the PC/SC specification (still in
>> > > version 1.0) to handle smart card and smart card
>> > > reader integration into their OSes, and is a member
>> > > of the PC/SC Workgroup that is working on the next
>> > > version of the standard (www.pcscworkgroup.com).
>> > >
>> > > One stumbling block I can see (given your bias
>> > > towards Linux) may be that there has been little
>> > > effort to port the specification to Linux.
>> > > Certainly, Microsoft is NOT a member of the OpenCard
>> > > consortium, and (to my knowledge) there is no plan
>> > > to make them so. That said, a number of smart card
>> > > vendors ARE members of both groups...
>> > >
>> > > Gary McIntyre
>> > >
>> > > ----- Original Message -----
>> > > From: Nicholas Schuetz
>> > > To: [EMAIL PROTECTED]
>> > > Sent: Wednesday, April 11, 2001 1:14 PM
>> > > Subject: Re: Windows 2000 smartcard login
>> > >
>> > >
>> > > Thank you for your reply but I am afraid you do
>> > > not understand my question. Allow me to rephrase it.
>> > > What I meant to ask is what application and or
>> > > applet needs to go on the Smart Card itself. What
>> > > card(s) and from what manufacturer need to be used?
>> > > I want to know what is the actual application or
>> > > applet needed for the Smart Card Login in Window$
>> > > 2000 Profe$$ional? Where can I get it? What is the
>> > > code for that application or applet? What does
>> > > Window$ want from the Smart Card for this
>> > > authentication?
>> > >
>> > >
>> > >
>> > >
>> > >
>> > > Smart Cards:
>> > >
>> > >
>> > >
>> > > When you order or buy a Smart Card from a Smart
>> > > Card vendor it comes to you with the OS installed on
>> > > it and that's it (In some rare cases not even that).
>> > > The Smart Card IC is like a very small computer.
>> > > They have CPU's w/ cryptocoprocessors, ROM, RAM and
>> > > EEPROM as a part of their design. The commands used
>> > > for communicating to the cards are called APDU's.
>> > > You send these APDU's via a software interface
>> > > (www.linuxnet.com or www.opencard.org) to the Smart
>> > > Card Reader/Terminal with the Smart Card inserted in
>> > > it. The Smart Card then replies to you with a
>> > > response code (SW1SW2) and your requested data...
>> > >
>> > >
>> > >
>> > > ....Go to www.linuxnet.com or www.opencard.org for
>> > > more info on Smart Card development.
>> > >
>> > >
>> > >
>> > > Nick
>> > >
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: Focus on Microsoft Mailing List
>> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Kurt
>> > > Seifried
>> > > Sent: Monday, April 09, 2001 4:10 PM
>> > > To: [EMAIL PROTECTED]
>> > > Subject: Re: Windows 2000 smartcard login
>> > >
>> > >
>> > >
>> > > Ok there are three things usually you get when you
>> > > buy a smartcard usually:
>> > >
>> > >
>> > >
>> > > The smartcard itself, the good ones have onboard
>> > > memory, cryptographic components and an RNG, the
>> > > cert is born on the card, lives on the card and dies
>> > > on the card. As far as I know you cannot buy the
>> > > "software" on the chips/etc on the smartcard
>> > > separately.
>> > >
>> > > The smartcard reader, nothing too interesting here
>> > > unless it's something like leapfrog's with a
>> > > fingerprint scanner built in.
>> > >
>> > > The application software for your PC, i.e. tools to
>> > > access the card, have it create a new cert, delete
>> > > old ones, test the card, etc.
>> > >
>> > >
>> > >
>> > > Then you also need applications that know what to
>> > > do with it (such as MSIE, Outlook, etc.).
>> > >
>> > >
>> > >
>> > > Also you typically do not buy the cards from MS
>> > > (for that matter do they sell them at all?), you go
>> > > to a vendor like CryptoCard.
>> > >
>> > >
>> > >
>> > > Kurt Seifried, [EMAIL PROTECTED]
>> > > Securityportal - your focal point for security on
>> > > the 'net
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > > ----- Original Message -----
>> > >
>> > >
>> > > From: Hellaenergy
>> > >
>> > > To: [EMAIL PROTECTED]
>> > >
>> > > Sent: Friday, April 06, 2001 1:01 PM
>> > >
>> > > Subject: Windows 2000 smartcard login
>> > >
>> > >
>> > >
>> > > Does anyone out there have the smartcard
>> > > application that needs to be used to log on with a
>> > > smartcard in Win2000? I have searched the Windows
>> > > website up and down and found nothing regarding the
>> > > actual code for this task. I want the actual
>> > > smartcard application that goes on the card. I DO
>> > > NOT want a way to BUY the card from Micro$oft.
>> > >
>> > >
>> > >
>> > > Thanks
>> > >
>> > >
---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
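Added example, not part of the original thread: the READ BINARY exchange Sylvain mentions and the command/response APDU format (data followed by SW1SW2) Nick describes, run in Python against a simulated card. `SimulatedCard`, the helper names and the file contents are constructed for illustration; the status words are the standard ISO 7816-4 ones, and nothing here reflects what a Windows CSP actually sends.

```python
import struct

SW_OK, SW_EOF = 0x9000, 0x6282            # success / end of file before Le bytes
SW_WRONG_LEN, SW_BAD_OFFSET, SW_BAD_INS = 0x6700, 0x6B00, 0x6D00

def read_binary_apdu(offset, le):
    """Case-2 short command APDU: CLA=00 INS=B0 P1-P2=offset Le (00 means 256)."""
    if not 0 <= offset <= 0x7FFF or not 1 <= le <= 256:
        raise ValueError("offset must fit in 15 bits, le must be 1..256")
    return bytes([0x00, 0xB0, offset >> 8, offset & 0xFF, le % 256])

def parse_response(rapdu):
    """Split a response APDU into (data, SW1SW2)."""
    if len(rapdu) < 2:
        raise ValueError("response APDU shorter than the status word")
    return rapdu[:-2], struct.unpack(">H", rapdu[-2:])[0]

class SimulatedCard:
    """Hypothetical card: one transparent file, only READ BINARY implemented."""
    def __init__(self, ef):
        self.ef = ef

    def transmit(self, capdu):
        if len(capdu) != 5:
            return struct.pack(">H", SW_WRONG_LEN)
        if capdu[1] != 0xB0:
            return struct.pack(">H", SW_BAD_INS)
        offset, le = (capdu[2] << 8) | capdu[3], capdu[4] or 256
        if offset >= len(self.ef):
            return struct.pack(">H", SW_BAD_OFFSET)
        chunk = self.ef[offset:offset + le]
        return chunk + struct.pack(">H", SW_OK if len(chunk) == le else SW_EOF)

def read_whole_file(card, chunk=0x40):
    """Host-side loop a card driver could use to pull the file off the card."""
    out, offset = b"", 0
    while True:
        data, sw = parse_response(card.transmit(read_binary_apdu(offset, chunk)))
        if sw not in (SW_OK, SW_EOF, SW_BAD_OFFSET):
            raise IOError("card refused READ BINARY: SW=%04X" % sw)
        out += data
        offset += len(data)
        if sw != SW_OK:   # 6282 on a short read, 6B00 once offset == file length
            return out

CONSTRUCTED_EF = bytes(range(256)) * 2 + b"end"   # constructed stand-in for a stored cert
if __name__ == "__main__":
    print(read_whole_file(SimulatedCard(CONSTRUCTED_EF)) == CONSTRUCTED_EF)
```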