To accommodate existing cards that use a proprietary format when they perform secure key injection, the minidriver can be loaded on the server-side without the card. This mode of establishing temporary symmetric session keys requires that the public key be trusted by the server application out-of-band. The functionality in a card minidriver is narrowly scoped and carefully defined so that the card-dependent code is simple to implement and easy to verify functionally. Windows Smart Card Minidriver Specifications – The following table lists the files used by the discovery process: If CardGetChallenge was not called before calling CardAuthenticateChallenge, the count of remaining authentication attempts is not decremented. Windows enrolls the YubiKey for Windows login.


Windows Inbox Smart Card Minidriver

The default key values are as follows: The YubiKey Minidriver can be set as the default driver by following these steps. For smart cards, Windows supports a provider architecture that meets the secure authentication requirements and is extensible so that you can include custom credential providers. If this flag was set, the key handle might be a handle to a predefined key on the server. The following table shows the restrictions for the container creation operation.

A set of flags that specify options for the operation. Count of times that an incorrect PIN can be presented to the card before the card is locked.


This is an additional protection against use of a private key without explicit user intent. This value is used to uniquely identify cached data that pertains to a given smart card. This flag also affects the data cache. Returns invalid argument error if NULL is passed as the directory name.

To add branding information to the Plug and Play experience for such cards, vendors can provide INF files that override various strings to provide branding information. Establishment of encryption keys: A byte pointer to the optional data buffer that contains the input data. The key BLOB that is to be imported should be appended at this address. For larger certificates, it is recommended to use the YubiKey 4 or 5 hardware.

YubiKey Smart Card Deployment Guide : Yubico Support

This function is used to query the properties of a key. This results in significant loss of useful space.

Length of input buffer. For example, this would work well with a key establishment protocol, such as the protocol that is specified by GlobalPlatform. Each section is filled up with the XML tags described below.

Smart Card Architecture

To alter the Microsoft policy behavior, the following registry entry must be configured prior to setting up keys. The YubiKey Minidriver sets the touch policy when a key is first imported or generated. For container specification level II only, the name of the default container on the chosen smart card is determined. Depending on your environment, it could take up to eight hours for the template to publish to Active Directory.


The issue is that a protocol such as the Kerberos protocol requires multiple signing operations. The pwszBlobType parameter can currently have only one value as described in the following table.

For example, if a file is written to the smart card, the CSP cache becomes out-of-date for the files, and other processes read the smart card at least once to refresh their CSP cache. The following sample code details how the authenticating entity could calculate the response.

Title field value.

The actual session PIN negotiation is outside the scope of this specification. For Policy type required in signature, select Application policy.

Here is the sample. The card can record this as the currently authenticated ID and can easily verify access control rules on keys and PINs by doing a bit-wise AND operation.

Historically smart card minidrivers were also referred to as smart card modules or smartcard card modules.

The value of the string should follow the following format: