Excited to tell you that our welfare activity has been upgraded - Paying only $5.00 + Freight to get JCOP J3H145 card and A40CR card.
Please check this post for more details.

Moreover, if you want to get Free Samples by Paying Freight only , please check this page.

GIDS APP - Windows 10 smart card login

Smartcard solutions

Moderator: product

cdorde
Posts: 2
Joined: Tue Sep 04, 2018 8:46 am
Points :40
Contact:

GIDS APP - Windows 10 smart card login

Post by cdorde » Tue Sep 04, 2018 6:17 pm

I install cap file to JCOP242R3 card and personalize certificates to card. I used OpenSC-0.18.0-win64_vs12-Release.msi and in command prompt I issue commands:

gids-tool.exe -X --pin 1234 --serial-number 00000000000000000000000000000000

and after

pkcs15-init --auth-id 80 --pin 1234 --verify-pin -f PKCS12 --passphrase password -S private_cert.pfx

and everything passes ok.

Certutil -scInfo command works as expected. I can sign Word document.

But, what I can not do is use this card for windows smart card logon. Private key are from another card which works for smart card logon. Error message is "No valid certificates were found on this smart card".

My question: GidsApp applet installed on card can be used for windows smart card logon (Active Directory) or not?
Last edited by cdorde on Fri Sep 07, 2018 4:31 am, edited 1 time in total.

cdorde
Posts: 2
Joined: Tue Sep 04, 2018 8:46 am
Points :40
Contact:

Re: GIDS APP - Windows 10 smart card login

Post by cdorde » Wed Sep 05, 2018 9:49 am

Just to answer to myself:

GIDS applet CAN be used for Active Directory based smart card login.

My mistake was that personalisation of pfx file to card must contain key-usage directice. As stated in windows documentation key used for smart card login must be of type AT_KEYEXCHANGE. Because, I use OpenSC gids-tool.exe for personalisation of keys to card command must look like:

pkcs15-init --auth-id 80 --pin 1234 --verify-pin -f PKCS12 --passphrase password -S private_cert.pfx --key-usage=decrypt

"decrypt" is in OpenSC world same as AT_KEYEXCHANGE in Microsoft world.

I can use same key for signing in Word.

I hope that this explanatation will help somebody else ...

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 1 guest

JavaCard OS : Disclaimer