[opensc-devel] Windows Logon with OpenSC + MuscleApplet

Thu, 11 Oct 2012 18:14:48 -0700 

Hello,

I am new to Smart Cards and I'm trying to use a Java Card to logon in a
Domain maintained by a Windows Server 2008 R2. I actually can logon using a
non Java card, but i need to use a proprietary software (AET SafeSign) and
a obsolete Smart Card (Starcos SPK 2.3) to do it. I wish to logon using the
less proprietary software i can. I have two Java Cards (Oberthur ID-One
Cosmo v7.0.1 Standard / G&D Sm@rtCafé 3.2 72K) and this what i have done so
far for each of them:

- Compiled MuscleApplet and installed it in the card using GPShell under a
Windows environment (Windows Server 2008 R2).
- In a Linux environment, installed OpenSC and initialized the MuscleApplet
sendind the APDU commands needed.
- Still under Linux, ran pkcs15-init to build pkcs15 structure (i was
getting "Unsupported Card" message, but i changed opensc conf file to force
the use of muscle driver and it worked).
- Then I came back to Windows and installed OpenSC with the .msi installer
(complete install option).
- In the registry Editor, I created a entry to my card ATR:

        (Obethur Card)

   - HKLM\SOFTWARE\Microsoft\Cryptograph\Calais\SmartCards\Test
   - HKLM\SOFTWARE\Wow6432Node\Microsoft\Cryptograph\Calais\SmartCards\Test
      - "ATR"=hex:3B DB 96 00 80 B1 FE 45 1F 83 00 31 C0 64 1A 18 01 00 01
      90 5C
         - "ATRMask"=hex:ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
         ff ff ff ff ff
         - "Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
         - "Smart Card Key Storage Provider"="Microsoft Smart Card Key
         Storage Provider"
         - "80000001"="opensc-minidriver.dll


My problem is that when i run certutil -scinfo, i can get the card name,
ATR and providers, but after that certutil gets stucked and i need to
finalize it. I repeated the process several times for each smart card,
restarted the system, but without success. I would like to know if I'm on
the right way or missed some part, because as I said, I'm knew to smart
cards. I can store a certificate in the card using pkcs15-tool. I would
like to know if it's possible to store the cetificate for a domain user via
Windows Server Certification Authority Services directly, using mmc.exe. I
tried it, but it doesn't complete the process.

Thanks in advance,

Felipe

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to