-
Notifications
You must be signed in to change notification settings - Fork 15
Home
Üldist:
- MS spetsifikatsioon: https://msdn.microsoft.com/en-us/library/windows/hardware/dn631754%28v=vs.85%29.aspx
- Implementeeritud: versioon 5, 6, 7.
To create an installation application that will add this service as an upper filter for all smartcard readers {50DD5230-BA8A-11D1-BF5D-0000F805F530}, see this MSDN article: http://msdn.microsoft.com/en-us/library/ms791322.aspx
Right-click atrfilter/x86/atrfiltr.inf and select Install
Reconnect your smart card reader
Run "Command Prompt"
Execute sc query atrfiltr
Desired output:
SERVICE_NAME: atrfiltr TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
Note: to bypass x64 system driver signature verification feature refer to this manual
Right-click atrfilter/x64/atrfiltr.inf and select Install
Reconnect your smart card reader
Run "Command Prompt"
Execute sc query atrfiltr
Desired output:
SERVICE_NAME: atrfiltr TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
Note: you still need to disable driver signature verification in case of x64 system
copy atrfiltr.sys to %WINDIR%/system32/driver
Launch "Command prompt" as Administrator
Execute: sc create atrfiltr binPath= system32\drivers\atrfiltr.sys type= kernel start= demand error= normal
Desired message will be "[SC] CreateService SUCCESS"
Replace scfilter with atrfiltr under registry value: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}\UpperFilters"
Reconnect smartcard reader to load ATRFilter driver
Launch "Command prompt"
Execute sc query atrfiltr
Desired output should be
SERVICE_NAME: atrfiltr TYPE : 1 KERNEL_DRIVER STATE : 4 RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN) WIN32_EXIT_CODE : 0 (0x0) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
SERVICE_NAME: scfilter TYPE : 1 KERNEL_DRIVER STATE : 1 STOPPED WIN32_EXIT_CODE : 1077 (0x435) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0
Toetatud platvormid:
- Windows 7 (x86, x64), Windows 8/8.1 (x86, x64)
- 3.7.0.787
- Windows 7 (x86, x64), Windows 8/8.1 (x86, x64)
- 3.8.0.1119
- Windows 7 (x86, x64), Windows 8/8.1 (x86, x64)
- lisatud 3.5 kaardi tugi
- lisatud pinpad lugejate tugi
- 3.10.0.1160
- Windows 7 (x86, x64), Windows 8/8.1 (x86, x64)
- Erindid
Toetatud featuurid (vajadusel seos MD speki versiooniga):
- pinpad
- räsid
- MD5, SHA1, SHA_224, SHA_256, SHA_384, SHA_512
- UX
- Logging / Debuging and other usefull stuff in minidriver https://github.com/open-eid/smartcardpp/wiki
- Set currently used spec version With this you can control wich minidriver spec is in use. Supported 5, 6, 7
- Turn on test mode This will disable PIN change and PIN unblock functions. Set testmode value in key HKEY_LOCAL_MACHINE\Software\SK\EstEIDMinidriver to 1.
- erindid
Implemented API
DllMain
CardAcquireContext
CardDeleteContext
CardGetContainerProperty
CardSetContainerProperty
CardGetProperty
CardSetProperty
CardQueryCapabilities
CardCreateContainer
CardGetContainerInfo
CardAuthenticatePin
CardAuthenticateEx
CardEnumFiles
CardGetFileInfo
CardReadFile
CardWriteFile
CardQueryFreeSpace
CardQueryKeySizes
CardRSADecrypt
CardSignData
Not Implimented API
CardDeleteContainer
CardUnblockPin
CardChangeAuthenticator
CardCreateDirectory
CardDeleteDirectory
CardCreateFile
CardDeleteFile
CardConstructDHAgreement
CardDeriveKey
CardDeriveKey
CspGetDHAgreement
CardGetChallenge
CardAuthenticateChallenge
CardGetChallengeEx
CardChangeAuthenticatorEx
CardDeauthenticate
CardDeauthenticateEx
Kasutamine:
- CNG
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa376210(v=vs.85).aspx
- Vista/Server 2008 and onwards
- CryptoAPI
Diagnostics
- To verify installation of minidriver open Command Prompt and run C:\Windows\System32\certutil -scinfo command.
Puudused ja implementation notes:
- Minidriver ise (sõltuvalt versioonist)
- PIN lukus mitte kuvamine enne sisestust (kõik versioonid). Works as designed. Limited by CNG architecture. (IB-2069)
- UI keele muutmine. Control Panel\Clock, Language, and Region\Region and Language\Formats\Format. Supported en-US, ru-RU, et-EE formats
- Windowsi domeeni sisse logimine ei õnnestu vahest. Error code ERROR_GEN_FAILURE - "A device attached to the system is not functioning." https://technet.microsoft.com/en-us/library/cc978749.aspx?f=255&MSPPError=-2147217396 (1) it is switched off, or connected improperly; (IB-3690)
- Minidraiver ei vähenda liiga lühikese pin2 korral loendurit. PIN värtuse konroll asub funktsiooni alguses, nii et veakood SCARD_W_WRONG_CHV tagastatakse kohe, ja PINi valideerimis käsk kaardini ei jõua. (IB-3837)
- Rohitab API monitor näitab et mõnikord SCardEndTransaction tagastab veakoodi SCARD_E_NOT_TRANSACTED, mida võib ignereerida. (IB-3900)
- Google Chrome crashes when running in Windows 8 Mode (Metro mode). IB-3520
- Windows whole package installer uninstalls also minidriver but atrfilter remains IB-3174
- Minidriver läbi CNG
- ...
- Minidriver läbi CAPI
- ...
- Ehitamine
- miks pole static ?
Liigutada õigesse kohta:
- UI lisainfo kuvamine
Mis rakendus kuidas läheneb:
- IE
- Chrome
- allkirja plugin
- outlook
- schannel ?