On 2010/12/20 5:30, Jean-Michel Pouré - GOOZE wrote:
> Some users are contacting me with questions about Windows support for
> PKCS#11 smartcards. As far as I understand, Windows support for PKCS#11
> is poor.
>

AFAIK, Windows uses CSPs, and does not support PKCS#11 at all. This may have changed in Windows 7, but I doubt it.

> Do some of you know solutions for:
> * Single sign-on Windows using PKCS#11 cards.
> * Smartcard based windows disk encryption (EFS).
> * Secure (smartcard) logon using MS Windows VPN.

No :)

>
> Would a mini-driver between Windows and PKCS#11 do the trick? Just for
> my personal knowledge, I would like to know. There is such a mini-driver
> in OpenSC SVN. Is it working?

I haven't tried the one in SVN, but it looks like a fairly complete read-only driver. Try it and tell us how it worked out.

Generally:

* a minidriver is a *CSP* minidriver. You can think of it as an equivalent to the card driver modules in OpenSC. There is actually a Wiki with a pretty picture :) http://www.opensc-project.org/opensc/wiki/MiniDriver
* it's just a DLL that exposes functions like create file, delete file, sign, encrypt etc. The specification is available from Microsoft ([1])
* the cool thing about a minidriver is that, unlike a full CSP, you don't have to get it signed by Microsoft
* writing a full minidriver is tricky, but a read-only one is fairly easy
* as long as the following basic functionality is implemented, you should be able to use your OpenSC card with the Windows CSP
  * listing files and containers
  * authentication (PIN)
  * exporting certificates
  * signing

[1] http://www.microsoft.com/whdc/device/input/smartcard/sc-minidriver.mspx