Skip to content

Windows CSP (CryptoAPI)

Jump to bottom Edit New page
Viktor Tarasov edited this page Dec 11, 2012 · 2 revisions

Windows CSP (CryptoAPI)

Attention! Information on this page might be outdated or misleading. Ask on [MailingLists opensc-devel mailing list] if unsure.
On Windows native applications use CryptoAPI – a high level cryptography framework.
If Applications use this framework, no changes are needed to use certificates and keys
not only from either files/registry but also from smart cards.

Such Applications can not use OpenSC directly. Instead they access the Crypto API on the upper side,
and a Crypto Service Provider needs to register smart card resource on the lower side.
That CSP can then use OpenSC either directly or via PKCS#11 API.

And of course you need the PC/SC Middleware and a driver for your smart card reader.
PC/SC is already included in Windows NT, 2000, XP and later, most readers can get a driver automatically from Windows Update.

The whole picture with all layers is:

+------------------------------------+
|           Application              |
+------------------------------------+
+============Crypto API==============+
|            Middleware              |
+==Crypto Server Provider Interface===+
+------------------------------------+
|        Crypto Service Provider     |
+--------------PKCS#11---------------+
|         OpenSC-PKCS11.dll          |
+--------------PC/SC-----------------+
|         PC/SC Middleware           |
+-------------Ifdhandler-------------+
|      Smart card Reader Driver      |
+------------------------------------+

BaseCSP and OpenSC

Windows XP and later have BaseCSP (included with Vista onwards, available for XP from Windows Update), which is a framework of smart card drivers. OpenSC snapshots from January 2010 implement this interface (See CardMod). BaseCSP is the recommended way of adding smart card support for CryptoAPI application on Windows.

CSP#11

CSP#11 is an open source implementation of the Crypto Service Provider API. It works with any PKCS#11 module
including the OpenSC-PKCS11.DLL included in OpenSC.

You can download CSP#11 at http://csp11.labs.libre-entreprise.org/..

Smart card bundle is our windows installer and it has a more detailed
web page about CSP11.

Note: does not seem to work under Windows 7

Idendity Alliance CSP

Idendity Alliance also offers a CSP implementation in their
ID Ally package.
(free for personal use, 30 days use for evaluation.)

Smart card bundle is our windows installer and it has a more detailed
web page about ID Ally.

Link broken: not available

PKCS CSP

PKCS CSP is an open-source CSP to use PKCS#11 modules. It was developed by Ilex and may be downloaded free of charge. The package contains the source files needed to build the CSP as well as documentation in English and French.

http://www.ilex.fr/en/opensource/pkcscsp.htm
Link broken: pkcscsp not available.

== Windows Vista and 7==
Latest Windows includes CryptoAPI-ng, an iproved version of CryptoAPI.
http://blog.blanar.net/files/FUN210_Ben-Menahem_Tucker.ppt

Add a custom footer
Add a custom sidebar
Clone this wiki locally