How do you troubleshoot a minidriver smart card when the minidriver has been installed, but it is still not working? Windows installs the minidriver DLL into the Windows directory, and sets some specific registry settings so that the cryptographic subsystem can associate the correct DLL with the card you are trying to use.
The relevant registry entries are here:
Under the SmartCards key is a list of the smart cards that Windows recognizes. Each key generally has the following entries:
The ATR is the “Answer To Reset” string provided by the smart card. In this context it serves to identify the smart card. The ATR Mask tells Windows to look only at the significant parts of the ATR. In the example above, all parts are significant.
The Crypto Provider and Smart Card Key Storage Provider entries are always going to be shown for a minidriver smart card. That is because a minidriver is specifically designed to work with the Microsoft Smart Card providers (it is what makes it a “mini” driver).
The 80000001 value identifies the actual minidriver DLL. If any of these values is incorrect, the crypto subsystem will not be able to associate the correct DLL with the card, and will fail to read the certificates from the card or to authenticate to it. This DLL is in the system directory.
To troubleshoot, you must first know the ATR of the specific card you are troubleshooting. Most smart card readers have utilities that enable you to see the ATR. However, an easier way is to use the CertUtil utility provided by Microsoft. Just run the following command:
certutil -v -scinfo
In the above example the smart card resource manager is working fine, the reader is recognized, and the card is identified.
The PIVKey Feitian (E0) is an entry in the registry Smart Card list. Looking up the registry entry will show that the minidriver for this card is tagliov70px.dll.
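The registry lookup described above can be scripted. The following is an added example, not code from the original article: it applies each entry's ATR mask to the ATR reported for the card, lists the matching entries with their provider and 80000001 values, and checks that the named DLL is present. The function name, parameter names and sample ATR are made up for illustration, and the registry path is the standard Windows location for the smart card list, which this page does not give in text.

```powershell
# Added example. Assumptions: the function/parameter names are hypothetical, and the
# default registry path is the standard Windows smart card list (not quoted on the page).
function Find-MinidriverForAtr {
    param(
        [Parameter(Mandatory)][string]$AtrHex,   # ATR in hex, as shown by certutil -v -scinfo
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards'
    )
    # Accept "3B 9F 95 ..." or "3b9f95..." and convert to bytes
    $clean = $AtrHex -replace '[^0-9A-Fa-f]', ''
    if ($clean.Length -eq 0 -or $clean.Length % 2) { throw 'ATR must be an even number of hex digits' }
    [byte[]]$atr = for ($i = 0; $i -lt $clean.Length; $i += 2) {
        [Convert]::ToByte($clean.Substring($i, 2), 16)
    }

    foreach ($key in Get-ChildItem -Path $Root) {
        $regAtr  = $key.GetValue('ATR')
        $regMask = $key.GetValue('ATRMask')
        # Skip entries without binary ATR/ATRMask values or with a different ATR length
        if ($regAtr -isnot [byte[]] -or $regMask -isnot [byte[]]) { continue }
        if ($regAtr.Length -ne $atr.Length -or $regMask.Length -ne $atr.Length) { continue }

        # Only the bits set in the mask are significant for the comparison
        $match = $true
        for ($i = 0; $i -lt $atr.Length; $i++) {
            if (($atr[$i] -band $regMask[$i]) -ne ($regAtr[$i] -band $regMask[$i])) { $match = $false; break }
        }
        if (-not $match) { continue }

        # 80000001 names the minidriver DLL; the article says it lives in the system directory
        $dll = $key.GetValue('80000001')
        $dllPath = if (-not $dll) { $null }
                   elseif ([IO.Path]::IsPathRooted($dll)) { $dll }
                   else { Join-Path $env:SystemRoot "System32\$dll" }
        [pscustomobject]@{
            Card       = $key.PSChildName
            CryptoProv = $key.GetValue('Crypto Provider')
            KSP        = $key.GetValue('Smart Card Key Storage Provider')
            Minidriver = $dll
            DllPresent = [bool]($dllPath -and (Test-Path -LiteralPath $dllPath))
        }
    }
}

# Constructed sample ATR, not a real card's; replace it with the ATR certutil reports.
Find-MinidriverForAtr -AtrHex '3B 04 A1 B2 C3 D4' | Format-List
```

No output means no registry entry matches the card's ATR; a match with DllPresent set to False or an empty provider value points at the broken setting.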