"CertPropSvc" service seems not to work with PROV_RSA_AES type CSPs

  • Question

  • Hi,

    I'm working on migrating the smartcard CSP of a client
    to support PROV_RSA_AES (24) provider type instead of PROV_RSA_FULL (1).

    The CPS smartcard capabilities accept SHA2 algos.
    And the client wants its CSP fully compliant on AES crypto operations.

    So, keeping in mind to preserve certificate propagation feature,

    I modify the "Type" value in the following registry key:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\ASIP Sante Cryptographic Provider]
    "Image Path"= ...
    "Type"=dword:00000001  ==>  dword:00000018

    Then I notice that certificate propagation doesn't work anymore
    when inserting a card in the reader.
    No certificates are present in the User cert store.

    Then, if I switch back to the dword:00000001 value, propagation restarts as usual.

    Could someone explain to me why the "CertPropSvc" service expects a data of 1 for the "Type" value?
    Is there any TechNet documentation on how the propagation service works behind the scenes?



    Thanks for your answers.

    Monday, November 30, 2015 8:05 PM

All replies

  • Hello,

    Our client wants an answer/explanation of why certificate propagation
    does not work when the type of provider is turned into PROV_RSA_AES.

    In the registry, the custom smartcard ATR is well linked to the custom provider name.
    Our client only wants to change the type of provider from 1 to 24 to support SHA2 operations.

    Thanks for your pointers.
    Friday, December 11, 2015 4:59 PM
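
A read-only check of the two registry settings the thread refers to, added here as an example (not code from either poster): for each registered smart card it reports the mapped CSP name and that CSP's registered "Type". The `Calais\SmartCards` path and the "Crypto Provider" and "ATR" value names are the standard Windows locations and are assumptions here, since the thread does not quote them; the function name is hypothetical.

```powershell
# Added example, read-only: correlate smart card -> CSP name -> registered provider type.
$CalaisRoot   = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards'  # assumption: standard card mapping key
$ProviderRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'  # key shown in the question

# Provider type constants from wincrypt.h
$TypeNames = @{ 1 = 'PROV_RSA_FULL'; 24 = 'PROV_RSA_AES' }

function Get-CardProviderType {
    param(
        [string]$CardRoot = $CalaisRoot,
        [string]$CspRoot  = $ProviderRoot
    )
    foreach ($cardKey in Get-ChildItem -Path $CardRoot -ErrorAction Stop) {
        $card    = Get-ItemProperty -LiteralPath $cardKey.PSPath
        $cspName = $card.'Crypto Provider'
        # ATR is stored as REG_BINARY; render it as hex for comparison with the card
        $atr = if ($card.ATR) { ($card.ATR | ForEach-Object { $_.ToString('X2') }) -join '' } else { $null }

        $type = $null; $image = $null; $status = 'no CSP mapped'
        if ($cspName) {
            $cspKey = Join-Path $CspRoot $cspName
            if (Test-Path -LiteralPath $cspKey) {
                $csp    = Get-ItemProperty -LiteralPath $cspKey
                $type   = [int]$csp.Type
                $image  = $csp.'Image Path'
                $status = 'ok'
            } else {
                # The card points at a provider name that has no Defaults\Provider entry
                $status = 'CSP name not registered'
            }
        }
        [pscustomobject]@{
            Card      = $cardKey.PSChildName
            ATR       = $atr
            Provider  = $cspName
            Type      = $type
            TypeName  = if ($null -ne $type -and $TypeNames.ContainsKey($type)) { $TypeNames[$type] } else { $null }
            ImagePath = $image
            Status    = $status
        }
    }
}

Get-CardProviderType | Format-Table -AutoSize
```

On 64-bit Windows, run it from both the 64-bit and the 32-bit PowerShell host, because 32-bit registrations are stored separately under `WOW6432Node`.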