How do you troubleshoot a minidriver smart card when the minidriver has been installed, but it is still not working? Windows installs the minidriver dll into the windows directory, and sets some specific registry settings so that the cryptographic subsystem can associate the correct dll with the card you are trying to use.
The relevant registry entries are here:
Lets open up Regedit and look:
Under the SmartCards key is a list of the smart cards that Windows recognizes. Each key generally has the following entries:
The ATR is the “Answer To Reset” string provided by the smart card. In this context it serves to identify the smart card. The ATR Mask tells Windows to look only at the significant parts of the ATR. In the example above, all parts are significant.
The Crypto Provider and Smart Card Key Storage Provider entries are always going to as shown for a mini driver smart card. That is because a minidriver is specifically designed to work witht he Microsoft Smart Card providers (it is what makes it a “mini” driver).
The 80000001 value is where the actual minidriver.dll is located. If any of these values is incorrect, the crypto subsystem will not be able to associate the correct dll with the card,l and fail to read the certificates from the card or be able to authenticate to it.
To trouble shoot, you must first know the ATR of the specific card you are trouble shooting. Most smart card readers have utilities that enable you to see the ATR. However, an easier way is to use the CertUtil utility provided my Microsoft on Windows 7. just run the following command:
certutil -v -scinfo
Lets look at some possible results:
In the above example the smart card resource manager is working fine, but the card atr is not in the registry, and so the system cannot use it.