Reputation: 1956
I have a requirement to use a SmartCard as the authentication mechanism for a WPF app. I can easily get and read the certificate info from the store, and detect whether or not the card is actually inserted into the card reader. However, I want to prompt the user to enter their PIN as a part of the initial login. Just having the card isn't enough to verify their identity to the app.
I can get the PIN prompt if I use the certificate to sign some data, and just use some dummy data to get the desired behavior, but it seems like the wrong way to go about it. I'd think I should be able to get the PIN prompt as a part of some other method that would just return a boolean result. Am I missing something?
Upvotes: 2
Views: 1737
Reputation: 4142
That's the correct thing to do. Now verify that the given signature actually contains your "random data" (the nonce) to cryptographically verify the identity. Just asking for the PIN is not authentication.
Upvotes: 0
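The challenge-response check the answer describes, as an added example that is not part of the original posts: sign a fresh random nonce with the card's private key (this is what triggers the PIN prompt), then verify the signature against the certificate's public key. The class and method names are hypothetical, and the sketch assumes an RSA key on the card, .NET Framework 4.6 or later, and a `cert` already read from the store.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper, not from the original posts.
static class SmartCardLogin
{
    // Returns true only if the card's private key signed our fresh nonce
    // and the certificate chains to a trusted root.
    public static bool ProveKeyPossession(X509Certificate2 cert)
    {
        // A new random nonce per login attempt, so an old signature cannot be replayed.
        byte[] nonce = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(nonce);

        byte[] signature;
        try
        {
            // Accessing the private key makes the smart card provider ask for the PIN.
            using (RSA priv = cert.GetRSAPrivateKey())
            {
                if (priv == null) return false;   // no private key, or not an RSA key
                signature = priv.SignData(nonce, HashAlgorithmName.SHA256,
                                          RSASignaturePadding.Pkcs1);
            }
        }
        catch (CryptographicException)
        {
            return false;   // PIN prompt cancelled, wrong PIN, or card removed
        }

        // The PIN prompt alone proves nothing; the signature over the nonce does.
        bool signatureOk;
        using (RSA pub = cert.GetRSAPublicKey())
            signatureOk = pub != null && pub.VerifyData(nonce, signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Assumption: the default chain policy is acceptable here. A valid signature
        // only shows possession of the key; the certificate itself must also be trusted.
        using (var chain = new X509Chain())
            return signatureOk && chain.Build(cert);
    }
}
```

Here the nonce is generated and verified in the same process; when a server makes the access decision, it should issue the nonce and verify the signature itself.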