GIDS Smart Card

A read/write PKI smart card with a driver built into Windows — no installation required.

Download the applet

Free open-source JavaCard applet. After flashing, initialize with OpenSC (gids-tool -X) or our initialization tool.

Download

Open source on GitHub

The GIDS applet and OpenSC integration are freely available and maintained on GitHub.

View on GitHub
Overview

The Generic Identity Device Specification (GIDS) is the only PKI smart card standard with a driver built into every Windows installation since Windows 7 SP1 — and it supports both read and write operations with no additional driver installation.

My Smart Logon provides a free JavaCard applet to transform any compatible low-cost JavaCard into a GIDS smart card, along with OpenSC integration for Linux and macOS.

certutil -scinfo
certutil -scinfo
PKCS#11 compatibility
PKCS#11 compatibility
Smart card manager
Smart card manager
Initialization tool
Initialization tool
Features
Feature Details
Windows driverNone required — built-in since Windows 7 SP1
PKCS#11OpenSC
CryptographyRSA 1024 and RSA 2048
AuthenticationPIN and administrator authentication; Windows integrated unblock compatible
Pinpad supportOpenSC only
Cross-platformWindows (minidriver), Linux & macOS (OpenSC/PKCS#11)
Requirements
  • JavaCard 2.2.1 or above — see the list of tested cards
  • Implementation of requestObjectDeletion() is recommended for proper file deletion
  • Windows 7 SP1 / Server 2008 R2 or later for the minidriver; OpenSC for PKCS#11
FAQ & Known issues

The Microsoft GIDS minidriver only implements RSA 1024 and RSA 2048. ECC support will be added when Microsoft updates their minidriver.
Our findings are documented here.

Yes — via the built-in Windows minidriver or the OpenSC PKCS#11 library. Note: TrueCrypt is currently not supported by the OpenSC implementation, but this can be addressed in a fork.

Two methods are available depending on your OS and tooling:
Method 1 — Windows minidriver (Windows 10+, recommended)
Follow this procedure using the built-in Windows certificate import wizard or certutil: 
certutil -csp "Microsoft Base Smart Card Crypto Provider" -importpfx -p <passphrase> <file.p12>
After import, verify with: certutil -scinfo
Method 2 — OpenSC (all Windows versions)
Use OpenSC 0.16+ and run: 
"C:\Program Files (x86)\OpenSC Project\OpenSC\tools\pkcs15-init.exe" --auth-id 80 --pin <pin> --verify-pin -f PKCS12 --passphrase "<passphrase>" -S <file.p12>
Then check: certutil -scinfo or pkcs15-tool.exe -D
Note: the Windows 7 native GIDS driver does not support P12 imports — use Method 2 on Windows 7.
Known issue: Microsoft and OpenSC load the PIV applet before the GIDS applet. If both are installed on the same card, GIDS data will not be readable. Additionally, Windows caches the applet type (PIV vs GIDS) by ATR in the registry under the Calais key — delete that entry or change the ATR to resolve conflicts. On x64 systems, this entry exists in both the normal and Wow64 registry nodes.