Links about smart card infrastructure

A curated reference list of MSDN articles, TechNet posts, and research papers on Windows smart card infrastructure.

General Architecture

Windows Vista Smart Card Infrastructure — Contains container naming reference
The Smart Card Cryptographic Service Cookbook — Contains CryptoAPI calls for Windows logon
Certificate Enumeration — From TechNet

Minidriver

Smart Card Minidriver Specification —
Smart Card Minidriver Certification Requirements — See bottom for CSP sequences: smart card logon, PIN change, enrolment, RunAS…
Minidriver tests for Microsoft Update deployment —
Belgian EID minidriver notes — How to test a minidriver with cmck.exe (from the Windows Logo Kit DTM Controller)

DPAPI

Windows Data Protection — Microsoft reference paper
Export non-exportable keys on Windows —
Reversing DPAPI and stealing Windows Secrets Offline —
DPAPIck —
KB309408: DPAPI limitations with roaming profiles —
DPAPI Secrets — Security analysis and data recovery —

Kernel debug

Authentication

HSPD-12 Logical Access Authentication and Active Directory Domains —

Others

Find out if a smart card was used for logon —

Security Expertise articles

← Back to Security Expertise