I can open as many instances of IE7 as I want and I get prompted for a cert each time (but no PIN). However, if I close any of the instances of IE7, then on the next open I get the PIN prompt. So it seems to me that the IE7 program is doing something when it is closed to tell the smart card to "expire" the current PIN. I would like to find out what IE7 is doing to cause that to happen (when it closes) because I want my program to be able to do that too. Any ideas on how I could find that out?

Thanks!

+2  A: 

Resetting the card will expire the PIN. See this answer for more information.

Adam Liss
Thanks Adam - I appreciate the response. I will try to figure out if there is some way I can programmatically reset the card, and that might solve my problem!
ag5653
Just to make sure we are using the same vocabulary, by "reset", you don't mean changing the PIN number do you? I definitely don't want to do that. I just want to make the card prompt for the PIN again.
ag5653
Right. Clearly you don't want to change the PIN; you just want to end the transaction so the card behaves as if you've just re-inserted it. Can you provide more details about the programming environment, language, and API you're using? You may also find helpful information on the OpenSC project site: http://www.opensc-project.org
Adam Liss
Adam, thanks for being so patient with me. The web pages are ASP.NET (mostly), C# on the server side and JavaScript on the client side. The card is a CAC. The middleware is ActivClient but I don't have their SDK; I've been playing around with CAPICOM. The browser is always IE7. I have JavaScript that clears the SSL cache (causing the certificate dialog to reprompt) but I don't see any way to cause the PIN dialog to reprompt.
ag5653
Funny, I think I'm about to run into the opposite problem: I'm building an embedded device that reads CACs using C, and I _want_ the PIN to be cached. Perhaps the discussion at http://www.eggheadcafe.com/software/aspnet/31611074/cryptacquirecertificatepr.aspx will start you in the right direction. Otherwise, the card should re-prompt for the PIN if you try to access the private key; you may be able to do this by asking it to sign or decrypt a throw-away piece of data.
Adam Liss
You know I actually thought of that! There is an option in the ActivClient software that toggles PIN prompting on private key access, which is how I became aware of it. But it would have to be client-side and I can't figure out which cert has been selected. On the server side, the request object tells me that. Re your "opposite" problem - if ActivClient can prevent the smartcard from prompting on private key access then I would guess that you probably can too.
ag5653
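Adam's suggestion above (force a private-key operation on throw-away data so the card has to ask for the PIN again) as an added client-side C# example; it is not code from the thread. It assumes the certificates are CSP-backed (as with a CAC under ActivClient) and that the middleware is set to prompt on private key access; if the middleware caches the PIN, the signing will simply succeed silently.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example: exercise the private key of each hardware-backed certificate
// in the user's personal store. The signature is discarded; the only goal is to
// make the card perform a PIN-protected operation.
static class PinReprompt
{
    // Returns true if the card signed the throw-away data and the signature verified.
    public static bool TouchPrivateKey(X509Certificate2 cert)
    {
        RSACryptoServiceProvider rsa;
        try
        {
            rsa = cert.PrivateKey as RSACryptoServiceProvider;
        }
        catch (CryptographicException)
        {
            return false; // key container could not be opened (card removed, etc.)
        }
        if (rsa == null) return false;

        // Software keys involve no PIN; only hardware containers are interesting here.
        if (!rsa.CspKeyContainerInfo.HardwareDevice) return false;

        // Fresh random payload so nothing reusable is ever signed.
        byte[] throwaway = Encoding.ASCII.GetBytes("pin-reprompt-" + Guid.NewGuid());
        try
        {
            // Digest choice is irrelevant; the signature is never used.
            byte[] sig = rsa.SignData(throwaway, "SHA1");
            return rsa.VerifyData(throwaway, "SHA1", sig);
        }
        catch (CryptographicException)
        {
            return false; // user cancelled the PIN dialog or entered a wrong PIN
        }
    }

    static void Main()
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        foreach (X509Certificate2 cert in store.Certificates)
        {
            if (!cert.HasPrivateKey) continue;
            Console.WriteLine("{0}: {1}", cert.Subject,
                TouchPrivateKey(cert) ? "card signed (PIN path exercised)" : "skipped or failed");
        }
        store.Close();
    }
}
```

A CAC carries several certificates on one card, so after the first successful signature the remaining ones may not prompt again if the middleware caches the PIN per process, which is the behaviour the second answer attributes to middleware policy.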
A: 

The PIN caching behavior you are observing might just be a middleware administration matter. See chapter 8 of the ActivClient Administrator's Guide. PIN caching can be session or process based, among other criteria like intended key usage, timeouts, and whitelists.

There is a good chance that closing the keystore is not possible in regular JavaScript. That kind of operation might cross some security boundary.

Ajith Antony