Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

CLM Beta 2 Released

October 27, 2006

Congratulations to the Certificate Lifecycle Manager team for releasing Beta 2!  I’m particularly interested in the new Notification and Provisioning APIs, although I’m told that the documentation is pretty weak at this point.  No surprise there - Microsoft usually doesn’t put much effort into that until RTM (or later).

Stay tuned for some sample code demonstrating how to integrate with the new APIs …


The online link to my MSDN Mag smart card article is here - http://msdn.microsoft.com/msdnmag/issues/06/11/SmartStorage/default.aspx.

New with this month’s edition of the online magazine: it has been published simultaneously in English, Spanish, French, German, Russian, Brazilian Portuguese, and Simplified Chinese.  Click on the link, then find the drop-down menu in the upper right-hand corner of the page to select your preferred language.  Your preference will be stored in a browser cookie, if you allow cookies.


I’m proud to have an article published in the November 2006 edition of MSDN Magazine!  It’s entitled “Smart Storage – Protect Your Data Via Managed Code and the Windows Vista Smart Card APIs.”  Looks like the online version hasn’t been updated yet; I’ll provide a link as soon as it’s there.

I think the coolest thing about the article, and certainly the aspect of writing it that consumed the most time, is that it demonstrates exposing complex Win32 native APIs to managed code.  This is accomplished via a combination of new native shims and managed PInvoke stubs.  APIs exposed in this manner, which had not been previously available to managed apps at all, include the Windows Smart Card (PC/SC) APIs and the new Smart Card Module API (which accompanies Microsoft’s Base Smart Card Crypto Provider). 

In summary, the article didn’t really have enough space to discuss all of the issues I encountered (i.e. in writing the PInvoke stubs and shims) in as much detail as I would have liked, but I tried to make the sample code quite clear and well-commented.  If you’re a smart card developer, or want to be one, please check it out and let me know what you think.

One additional point that didn’t get addressed in the version of the article that went to press – in order to do anything interesting with the sample code, you’ll need some smart cards, and they must be compatible with the new card module interface mentioned above.  Here are some pointers.

  1. Technology vendor Axalto told me they’d be making their card module based Cryptoflex .NET smart card available to developers in summer 2006.  Check out http://www.market.axalto.com.  I have used their cards in testing this project and they work well.  Axalto sells suitable card readers (IFDs) from the same site. 
  2. Infineon has also written a solid card module in support of their SICRYPT chip.  Various integrators are already offering cards based on that chip, and they are available via the web.  I found them by searching for “sicrypt card module smart cards.”
