CNG calls for ECC smart card logon
Called from lsass.exe / kerberos.dll
NCryptOpenStorageProvider(handle, CSP, 0);
Remark: this is the CSP from the smart card definition, not the KSP (there is an alias in the KSP definition for the CSP name)
NCryptOpenKey(handle, "\\.\reader\containername", 0, 96);
NCryptGetProperty(handle, "SmartCardKeyCertificate", NULL, 0, &size, 0);
NCryptGetProperty(handle, "SmartCardKeyCertificate", buffer, size, &size, 0);
CertCreateCertificateContext(PKCS_7|X509, buffer, size);
NCryptGetProperty(handle, "Unique Name", buffer, 520, &size, 0);
CertSetCertificateContextProperty(handle, CERT_KEY_PROV_INFO_PROP_ID, 0, handle);
CertSetCertificateContextProperty(handle, CERT_KEY_CONTEXT_PROP_ID, 1, handle);
Get properties 12 and 24 via CryptDecodeObjectEx
NCryptSetProperty(handle, "SmartCardPin", pbBin, (pin length+1)*2, 0);
CryptAcquireContext(&handle, NULL, NULL, PROV_DSS_DH, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
BCryptGenRandom ( 32 bytes and 40 bytes + BCRYPT_USE_SYSTEM_PREFERRED_RNG);
CryptMsgOpenToEncode(CMSG_SIGNED, 1.3.6.1.5.2.3.1);
CryptMsgUpdate();
CryptMsgClose();
NCryptSecretAgreement
NCryptDeriveKey with KDF = Hash algorithm = SHA1 (default?)