GIDS APP - Windows 10 smart card login

Post by cdorde » Tue Sep 04, 2018 6:17 pm

I installed the cap file on a JCOP242R3 card and personalized certificates to the card. I used OpenSC-0.18.0-win64_vs12-Release.msi and issued these commands in a command prompt:

gids-tool.exe -X --pin 1234 --serial-number 00000000000000000000000000000000

and after

pkcs15-init --auth-id 80 --pin 1234 --verify-pin -f PKCS12 --passphrase password -S private_cert.pfx

and everything passes ok.

The Certutil -scInfo command works as expected. I can sign a Word document.

But what I cannot do is use this card for Windows smart card logon. The private key is from another card which works for smart card logon. The error message is "No valid certificates were found on this smart card".

My question: can the GidsApp applet installed on the card be used for Windows smart card logon (Active Directory) or not?
Last edited by cdorde on Fri Sep 07, 2018 4:31 am, edited 1 time in total.

Re: GIDS APP - Windows 10 smart card login

Post by cdorde » Wed Sep 05, 2018 9:49 am

Just to answer myself:

GIDS applet CAN be used for Active Directory based smart card login.

My mistake was that the personalisation of the pfx file to the card must contain a key-usage directive. As stated in the Windows documentation, the key used for smart card login must be of type AT_KEYEXCHANGE. Because I use OpenSC gids-tool.exe for personalisation of keys to the card, the command must look like:

pkcs15-init --auth-id 80 --pin 1234 --verify-pin -f PKCS12 --passphrase password -S private_cert.pfx --key-usage=decrypt

"decrypt" in the OpenSC world is the same as AT_KEYEXCHANGE in the Microsoft world.

I can use the same key for signing in Word.

I hope that this explanation will help somebody else ...
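
A way to check the point made in the post above before trying a logon, as an added example that is not part of the original thread: it parses the private-key listing from OpenSC's `pkcs15-tool --list-keys` and reports which keys lack the "decrypt" usage bit. The sample listing is constructed, and the `Usage : [0x..], ...` layout it expects is an assumption about the tool's output.

```python
import re

# PKCS#15 KeyUsageFlags bit for "decrypt" (the usage the post maps to AT_KEYEXCHANGE).
DECRYPT = 0x02

# Constructed sample of `pkcs15-tool --list-keys` output (not taken from the thread).
SAMPLE = """\
Private RSA Key [logon key]
    Object Flags   : [0x3], private, modifiable
    Usage          : [0x4], sign
    ModLength      : 2048
    Auth ID        : 80
    ID             : 01

Private RSA Key [logon key, re-imported]
    Object Flags   : [0x3], private, modifiable
    Usage          : [0x2E], decrypt, sign, signRecover, unwrap
    ModLength      : 2048
    Auth ID        : 80
    ID             : 02
"""

HEADER = re.compile(r"^Private \w+ Key \[(?P<label>.*)\]\s*$")
USAGE = re.compile(r"^\s*Usage\s*:\s*\[0x(?P<mask>[0-9A-Fa-f]+)\]")
KEY_ID = re.compile(r"^\s*ID\s*:\s*(?P<id>\S+)")  # does not match "Auth ID"

def parse_keys(text):
    """Return one dict per private key block: label, usage bitmask, key ID."""
    keys, cur = [], None
    for line in text.splitlines():
        if (m := HEADER.match(line)):
            cur = {"label": m["label"], "usage": 0, "id": None}
            keys.append(cur)
        elif cur is not None and (m := USAGE.match(line)):
            cur["usage"] = int(m["mask"], 16)
        elif cur is not None and (m := KEY_ID.match(line)):
            cur["id"] = m["id"]
    return keys

def logon_report(text):
    """(key ID, label, has_decrypt) for every private key in the listing."""
    return [(k["id"], k["label"], bool(k["usage"] & DECRYPT)) for k in parse_keys(text)]

def missing_keyexchange(text):
    """IDs of keys imported without --key-usage=decrypt (or an equivalent usage)."""
    return [key_id for key_id, _, ok in logon_report(text) if not ok]

if __name__ == "__main__":
    for key_id, label, ok in logon_report(SAMPLE):
        print(f"ID {key_id} [{label}]: {'decrypt set' if ok else 'decrypt MISSING'}")
```
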

Re: GIDS APP - Windows 10 smart card login

Post by vletoux » Fri Jan 04, 2019 6:59 am

You can manually add any kind of RSA certificate to an Active Directory.
This operation is called "explicit mapping" (as opposed to "UPN mapping").

You have to alter the policy of the computer having access to the smart card to show the certificate.
Then associate the certificate to the user account using a special attribute.

Procedure is described here:
http://download.mysmartlogon.com/SmartP ... cation.pdf
