Help: How to Prompt Smart Card PIN Authentication ? (using Crypto API & Certificate Store) RRS feed

  • Question

  • I am building on a desktop application which needs to read the certificate from the user's smart cards. I am using Crypto API & Certificate Store to access the certificates. When I access to the certificates, I need the user to authenticate his PIN.

    I don't know how to force the smart card to popup the PIN# authentication dialog. I can access to the user's certificate in the Windows Store directly without entering any PIN#. The system doesn't prompt for PIN# either after the application restarts or the smart card re-inserts,

    According to Microsoft MSDN, Windows caches the user's PIN#, but it should clear the PIN# from cache after I close the application or remove the smart card.

    Please provide some helps, links, or insight. Samples are highly appreciated.

    Thanks a million.

    Friday, July 28, 2017 3:37 AM

All replies

  • Use the private key associated with the certificate (example CryptSignHash) and the CSP or mini driver will ask for the PIN itself.
    Sunday, August 6, 2017 6:57 PM
  • This is a poor answer. What if this is a shared workstation, and you want to ensure the correct user credentials are selected? What would you do, have the user scroll through a list of a thousand certificates cached in the MY store to select his? Plus a smart card can have multiple certificates on it. We need a way to reliably ask for the current smart card contents, ask the user to choose a cert, and then authenticate with that cert.


    Thursday, March 7, 2019 8:04 PM