In order to thank you for all members' support of our website, we are holding new events - Getting Free Samples by Paying Freight only.
Want to get free samples? Please check this post for more details.

GIDS APP - Windows 10 smart card login

Smartcard solutions

Moderator: product

cdorde
Posts: 2
Joined: Tue Sep 04, 2018 8:46 am
Points :34
Contact:

GIDS APP - Windows 10 smart card login

Post by cdorde » Tue Sep 04, 2018 6:17 pm

I install cap file to JCOP242R3 card and personalize certificates to card. I used OpenSC-0.18.0-win64_vs12-Release.msi and in command prompt I issue commands:

gids-tool.exe -X --pin 1234 --serial-number 00000000000000000000000000000000

and after

pkcs15-init --auth-id 80 --pin 1234 --verify-pin -f PKCS12 --passphrase password -S private_cert.pfx

and everything passes ok.

Certutil -scInfo command works as expected. I can sign Word document.

But, what I can not do is use this card for windows smart card logon. Private key are from another card which works for smart card logon. Error message is "No valid certificates were found on this smart card".

My question: GidsApp applet installed on card can be used for windows smart card logon (Active Directory) or not?
Last edited by cdorde on Fri Sep 07, 2018 4:31 am, edited 1 time in total.

cdorde
Posts: 2
Joined: Tue Sep 04, 2018 8:46 am
Points :34
Contact:

Re: GIDS APP - Windows 10 smart card login

Post by cdorde » Wed Sep 05, 2018 9:49 am

Just to answer to myself:

GIDS applet CAN be used for Active Directory based smart card login.

My mistake was that personalisation of pfx file to card must contain key-usage directice. As stated in windows documentation key used for smart card login must be of type AT_KEYEXCHANGE. Because, I use OpenSC gids-tool.exe for personalisation of keys to card command must look like:

pkcs15-init --auth-id 80 --pin 1234 --verify-pin -f PKCS12 --passphrase password -S private_cert.pfx --key-usage=decrypt

"decrypt" is in OpenSC world same as AT_KEYEXCHANGE in Microsoft world.

I can use same key for signing in Word.

I hope that this explanatation will help somebody else ...

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 0 guests

JavaCard OS : Disclaimer