none
Any changes for custom Cryptographic Service Providers in Windows 8? RRS feed

  • Question

  • Hello everyone,

    we ship our own CSP that works with our smartcards, and for some reason, on Windows 8 RTM the certificates on our smartcards are not imported automatically by the certificate propagation service (CertPropSvc) into the users' "My" store, as was the case with previous versions of the OS, such as Windows 7. However, our own software, when running on Windows 8, is able to enumerate the certificates on our smartcards without problems and can e.g. extract properties of the certificates on our smartcards, such as the subject of the certificate. It is only CertPropSvc on Windows 8 that doesn't work as expected. Are there any changes in Windows 8 w.r.t. this functionality, anything that must be changed in the CSP or its installation?

    I have tested on Windows 8 x86 RTM Enterprise.

    Any help appreciated,

    --

    Stefan Kuhr

    Tuesday, August 21, 2012 6:38 PM

Answers

  • Hello everyone,

    meanwhile I have found out that it is our CSP that is crashing the CertPropSvc on Windows 8, so this is why I never see any certs imported. I apologize for any invonveniences and I will first have to fix our CSP. If there are still any problems after having done this, I will come back to this issue.

    Thanks everyone,

    --

    S

    • Marked as answer by Stefan Kuhr Tuesday, August 28, 2012 6:22 PM
    Tuesday, August 28, 2012 6:22 PM

All replies

  • I'm not that familiar with the smartcard stack, but did you try the same test on the same machine with a card that works with a built in csp like the smartcard base csp? Did CertPropSvc propogate certs on that card?

    Andrew

    Saturday, August 25, 2012 2:40 AM
  • Hello Andrew,

    I did try with the Aladdin eToken that I use for logging on to my AD-joined box and certpropsvc instantly imported its certificates into the "My" store, therefore my guess is, that it is our csp that is the culprit. Is there any logging facility that I could turn on to troubleshoot this or would it be of any help to use the checked build of the OS to further investigate? Or are there any known requirements for CSPs to continue to work on Windows 8?

    Side note: Some new behaviour with Windows 8 puzzled my quite a bit even with the Aladdin eToken: As soon as I detached it from the box, the certificate that was previously imported vanished from the "Certificates" MMC snap-in immediately and reappeared when the eToken was attached again. This was not the case with Windows 7. Maybe this is just UI to reflect that these certificates are useless as long as the physical hardware is not attached and thus a red herring in my actual problem with our own csp and our own smartcards.

    In case this matters: Our csp is based on the "coolkey" csp project from Fedora and the CA for the certificates stored on them is ourselves.

    Any help appreciated,

    --

    S

    Sunday, August 26, 2012 8:04 AM
  • Hello everyone,

    meanwhile I have found out that it is our CSP that is crashing the CertPropSvc on Windows 8, so this is why I never see any certs imported. I apologize for any invonveniences and I will first have to fix our CSP. If there are still any problems after having done this, I will come back to this issue.

    Thanks everyone,

    --

    S

    • Marked as answer by Stefan Kuhr Tuesday, August 28, 2012 6:22 PM
    Tuesday, August 28, 2012 6:22 PM