The vSEC_CMS Utility

Included with the PIVKey Admin Installer download, is the vSEC_CMS utility, an application from Versatile Security Sweden AB (  It provides a GUI, or graphical user interface, application to perform many card management functions, whereas the PIVKeyTool is a command line tool performing these same functions.  We provide both in order to give users a choice.

A couple of important notes when deciding to use the vSEC_CMS utility:

  • If an error occurs when using the Admin Key, either modifying it or unblocking the user PIN, see this article before continuing.  Continued incorrect attempts with the Admin Key can block the card!
  • vSEC_CMS cannot map certificates to the PIV slots.  Mapping must be done when the certificate templates are set up or manually using the PIVKeyTool.
  • Three of the Card Action functions are not relevant to PIVKey:  Offline Unblock, PIN Policies, and BIO Policies.
  • It is recommended to use vSEC_CMS with only a single smart card reader to avoid confusion and ensure you do not change the incorrect card.
  • Provided in the downloaded folder is the installer for the vSEC_CMS application.  Double-click it and follow the instructions to complete the install.
  • vSEC_CMS can be difficult to find once installed but the installer usually creates a desktop shortcut.  The actual application is often in C:\Users\username\AppData\Roaming\Versatile Security\vSEC_CMS_K.

The vSEC_CMS shortcut looks like this on Windows 10, double click it to launch the program:


The application opens as shown below.  If the mouse hovers over the icon next to the Home icon, it is shown as Card Actions.  Click this option.


Eight Card Action icons are available next to the Home icon now.  Hovering over each one in turn will reveal their function.  The five that may be used by PIVKey users are: 

  • Online Unblock:  use the Admin Key to unblock a user PIN that has become blocked after too many incorrect attempts
  • Smart Card PIN:  change the user PIN
  • Admin Key:  change the Admin Key (Note: vSEC_CMS requires you to first Copy the new Admin Key before it can be changed.  It is copied to the Clipboard.)
  • Certificates and Keys:  view Certificate information as well as import or delete certificates
  • Smart Card Information:  view PIVKey information

These functions are mostly self explanatory.  The only one that may not be intuitive is the Online Unblock function.  To use the Admin Key to unblock a user PIN that has become blocked, click on the Card Actions - Online Unblock icon.  Enter the new PIN twice and press Unblock.  


A pop-up will appear where the Admin Key should be entered.  Then click Calculate Cryptogram.


A message will appear stating "New PIN successfully set." or "Unblock user PIN failed."  In the case of failure, check your Admin Key carefully before trying again.  

Have more questions? Submit a request


Article is closed for comments.
Powered by Zendesk