CryptoAPI: Send a challenge to a smart card
-
Various smart card certificates are imported into the system store. When a smart card is inserted into the reader, the user has to select his certificate from the list of certificates in the system and then insert the PIN.

To verify that the certificate selected from the system store corresponds to the smart card currently in the reader, I try to send a challenge to the smart card (GemPlus CSP):

- A crypto context from the certificate selected from the system store is acquired.
- A crypto context from the smart card in the reader is acquired.
- A challenge is created with random data (CryptGenRandom()).
- The public/private key pair is obtained from the certificate in the system (CryptGetUserKey(AT_KEYEXCHANGE)).
- The challenge is encrypted with the previous public key from the certificate in the system store (CryptEncrypt()).
- The public/private key pair is obtained from the smart card (CryptGetUserKey(AT_KEYEXCHANGE)).
- The encrypted challenge is decrypted with the smart card (CryptDecrypt(AT_KEYEXCHANGE)), which should use its private key.

But when CryptDecrypt() with the crypto context of the smart card is called, error NTE_PROVIDER_DLL_FAIL (0x8009001D) is obtained.

Where is the error? NTE_PROVIDER_DLL_FAIL is an error raised when a context is acquired, according to the documentation, but it seems to have no relation with Crypt/Decrypt!

Thanks
-
Nyarlatotep wrote:
Where is the error?

You tell us! :)

From CryptAcquireContext(), CPAcquireContext():
NTE_PROVIDER_DLL_FAIL (0x8009001DL): The provider DLL file could not be loaded or failed to initialize.

Mark Salsbery
Microsoft MVP - Visual C++
-
:) It could be but ... CryptAcquireContext() does not raise this error, it succeeded. It's CryptDecrypt() which fails. Naturally this function tries (would?) to decrypt data using the AT_KEYEXCHANGE key obtained with CryptGetUserKey() from the context acquired from the smart card.

According to MSDN: "The CryptGetUserKey function retrieves a handle of one of a user's two public/private key pairs..."

If I'm not wrong, CryptoAPI CryptEncrypt()/CryptDecrypt() should use the public key to encrypt and the private key to decrypt, but decrypting with the private key from the smart card fails.

Changing the key type to AT_SIGNING when retrieving the key pair with CryptGetUserKey() has no effect (and it makes no sense to me: I don't want to sign a piece of data with the private key, I want to decrypt a piece of data with it).
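The challenge round trip described in the first post, modelled in plain Python rather than through CryptoAPI calls (an added example, not code from the thread's participants). The key pairs are constructed from small Mersenne primes, all function names are hypothetical, and PKCS#1 v1.5 encryption padding is an assumption about what the CSP applies.

```python
import secrets

E = 65537  # public exponent shared by both constructed key pairs

def make_key(p, q):
    """Return (n, d): modulus and private exponent for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def pkcs1_encrypt(msg, n):
    """Encrypt under the certificate's public key (n, E), PKCS#1 v1.5 type 2."""
    k = (n.bit_length() + 7) // 8
    if len(msg) > k - 11:
        raise ValueError("challenge too long for this modulus")
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(msg)))
    block = b"\x00\x02" + pad + b"\x00" + msg
    return pow(int.from_bytes(block, "big"), E, n)

def card_decrypt(cipher, n, d):
    """Private-key step done on the card; None when the padding is invalid."""
    k = (n.bit_length() + 7) // 8
    block = pow(cipher % n, d, n).to_bytes(k, "big")
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x02" or sep < 10:
        return None
    return block[sep + 1:]

def card_matches_certificate(cert_n, card_n, card_d):
    """One challenge: encrypt with the certificate key, decrypt on the card."""
    challenge = secrets.token_bytes(16)
    answer = card_decrypt(pkcs1_encrypt(challenge, cert_n), card_n, card_d)
    return answer is not None and secrets.compare_digest(answer, challenge)

# Constructed sample keys (Mersenne primes, far too small for real use).
CARD_A = make_key(2**127 - 1, 2**107 - 1)  # card holding the certificate's key
CARD_B = make_key(2**89 - 1, 2**61 - 1)    # a different card left in the reader
CERT_N = CARD_A[0]                          # modulus from the selected certificate

if __name__ == "__main__":
    print("matching card:", card_matches_certificate(CERT_N, *CARD_A))
    print("other card:   ", card_matches_certificate(CERT_N, *CARD_B))
```

A card holding a different key normally fails at the padding check rather than returning a different challenge, so the caller has to treat a decryption error as "no match" and not as a fault.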