Windows integrated virtual smart card
Hello there,
I was playing around with creating a virtual smart card in Windows.
Authentication within Windows works fine and it all seems to be running.
We were using smart cards with Viscosity configured as shown here:
https://www.sparklabs.com/support/kb/ar ... ptoapicert
Somehow the same procedure does not work with a TPM Virtual Smart Card.
I was using these Microsoft articles to create the TPM VSC:
https://docs.microsoft.com/en-us/window ... requisites
https://docs.microsoft.com/en-us/window ... mart-cards
https://docs.microsoft.com/en-us/window ... -tpmvscmgr
Does this work for anyone else?
I would appreciate feedback.
Hi NL_,
Could you please post a complete copy of your log with the verb raised? This should reveal more information about what is going on - https://sparklabs.com/support/kb/articl ... ed-logging
As this is a public forum, you may wish to email this to us instead - https://sparklabs.com/support#contact
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
Hi NL_,
Thanks for emailing the log. The log indicates that the TPM has denied access to the request to sign. The signing request is originating from the service in your log.
As a first step, if possible, please move your virtual smart key to the user-scope certificate store so it is only accessible by the local user. This will make Viscosity fall back to signing from the local user which may allow signing access.
If this doesn't work, please check for any permission or security access descriptors for your smart key.
If this doesn't help, it's possible the virtual smart key or TPM does not support a signing format that OpenSSL/OpenVPN requires. The key needs to support signing either ECDSA or PKCS1 with or without PSS padding depending on your certificate.
Regards,
Eric
Eric Thorpe
Viscosity Developer
Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
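Added example, not part of the original thread and not SparkLabs code: a PowerShell probe for the checks in the reply above, reporting which certificate store scope holds the certificate and whether its key produces PKCS1, PSS or ECDSA signatures when called as the logged-in user. The thumbprint is a placeholder and the probe data is constructed; only standard .NET certificate APIs are used.

```powershell
# Added diagnostic example. <CERT_THUMBPRINT> is a placeholder: substitute the
# thumbprint of the virtual smart card certificate. Run as the logged-in user.
param([string]$Thumbprint = '<CERT_THUMBPRINT>')

$rsaExt = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$ecExt  = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]
$sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$data   = [System.Text.Encoding]::ASCII.GetBytes('signing-probe')  # constructed test input
$pads   = [ordered]@{
    'PKCS1' = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
    'PSS'   = [System.Security.Cryptography.RSASignaturePadding]::Pss
}

# Step 1: find the certificate and report which store scope holds it.
$hits = foreach ($scope in 'CurrentUser', 'LocalMachine') {
    Get-ChildItem "Cert:\$scope\My" -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        ForEach-Object { [pscustomobject]@{ Scope = $scope; Cert = $_ } }
}
if (-not $hits) { throw "Thumbprint $Thumbprint not found in CurrentUser\My or LocalMachine\My." }

foreach ($hit in $hits) {
    $cert = $hit.Cert
    '{0}\My  {1}  HasPrivateKey={2}' -f $hit.Scope, $cert.Subject, $cert.HasPrivateKey

    # Step 2: open the private key; an access-denied error surfaces here or on signing.
    try {
        $rsa = $rsaExt::GetRSAPrivateKey($cert)
        $ec  = $ecExt::GetECDsaPrivateKey($cert)
    } catch { "  cannot open private key: $($_.Exception.Message)"; continue }

    # Step 3: try each signature format the reply lists (expect a PIN prompt).
    if ($rsa) {
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            "  key storage provider: $($rsa.Key.Provider.Provider)"
        }
        foreach ($name in $pads.Keys) {
            try   { $null = $rsa.SignData($data, $sha256, $pads[$name]); "  RSA ${name}: ok" }
            catch { "  RSA ${name}: FAILED - $($_.Exception.Message)" }
        }
    } elseif ($ec) {
        try   { $null = $ec.SignData($data, $sha256); '  ECDSA: ok' }
        catch { "  ECDSA: FAILED - $($_.Exception.Message)" }
    } else { '  no RSA or ECDSA private key is reachable for this certificate' }
}
```

The probe runs in the user's session, so its results describe signing as the local user and say nothing about what a service account is allowed to do with the same key.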