PIVKey is designed to be used with the Windows Cryptographic Subsystem (also known as CAPI or CNG) using the Windows Base Smart Card Crypto Provider. This provider in turn uses a Smart Card Minidriver to communicate with the Smart Card.
PIVKey supports the default Windows PIV Minidriver (in "Read Only" mode) and the PIVKey Minidriver (for reading and writing to the card).
In order to generate keys, or load certificates to the card, you will need to install the PIVKey Minidriver, part of the PIVKey Admin and PIVKey User Install. The PIVKey Minidriver allows the Windows Smart Card Base Crypto Provider to generate keys and load certificates on the PIVKey.
To test whether the Admin Install is functioning correctly, run the following command using the pivkeytool.exe from the directory where the PIVKey Admin Tools were installed, the default is C:\Program Files (x86)\PIVKey Installer\PIVKey Admin Tools. (However, in the example below, the tools were installed into C:\Users\LocalAdmin\Desktop\PIVKey MapTool.)
pivkeytool --listcardid
Normal Result
This test is successful. The tool can recognize the reader ("FT Java Token 0"), and it finds the correct card module "tagliov70p.dll". It then reads the card ID.
The name of the reader will vary depending on the type of token. When you are using a PIVKey smart card, the reader will have the name of the Card Reader you are using. Below is an example of a card using an SCM/Identiv Reader.
No Reader
The following result will occur when no reader is recognized:
When this occurs, check that the token or reader is connected correctly.
PIVKey Minidriver Not Installed
The following result indicates that the PIVKey Minidriver / Admin Install is not in installed or not installed correctly. The system is using the default Windows PIV minidriver (msclmd.dll) instead of the PIVKey Minidriver (tagliovXXp.dll).
The PIVKey tool will successfully read the card ID, but will fail on any function requiring PIVKey specific commands, such as the "listmd" command to list the minidriver certificates.
To fix this problem, (re)install the Admin installer, or manually install the minidriver and Registry Settings.
Wrong Minidriver
The following error occurs when the correct registry settings are present, but the PIVKey minidriver dll is not available.
To fix this problem, (re)install the Admin installer, or manually install the minidriver and Registry Settings.
0 Comments