Nitrokey Storage 2 Windows Login with AD

I have the “Nitrokey Storage 2”. I’m trying to login to a Active Directory Windows account. Apparantly there are two different guides for that.

  1. (works fine)
  2. (can’t get it to work)
    The problem I’m facing is that the Windows Certificate Enrollment Agent says that the “OpenPGP card v3.x is read-only”.

What I’ve tried while following the second guide:
modified “C:\Program Files\OpenSC Project\OpenSC\opensc.conf”
(changed the card_atr to the value read by “certutil -scinfo”, tried type 9000 and 9002 (which doesn’t exist in as stated in GitHub & BitBucket HTML Preview ?)

app default {
# debug = 3;
# debug_file = opensc-debug.txt;
framework pkcs15 {
# use_file_caching = true;

card_atr 3B:DA:18:FF:81:B1:FE:75:1F:03:00:31:F5:73:C0:01:60:00:90:00:1C {
type = 9000;
driver = “openpgp”;
# name = “Nitrokey Storage 2”;
md_read_only = false;
md_supports_X509_enrollment = true;

I also modified the registry file from the guide:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\OpenPGP card v3.x]
“Crypto Provider”=“Microsoft Base Smart Card Crypto Provider”
“Smart Card Key Storage Provider”=“Microsoft Smart Card Key Storage Provider”
“80000001”=“C:\Program Files\OpenSC Project\OpenSC\minidriver\opensc-minidriver.dll”

Any help is appreciated. Thanks in advance


at first, I can not promise that this will work at all (yet), but I cross my fingers and would be glad to see it working for you! I am willing to help you, too :smile:

You need to install the very latest version of OpenSC, so current stable 0.19 is not enough as it only has basic OpenPGP Card v3 support, but no ECC support yet. Please try this release candidate, maybe this already solves your issue.

I am eager to hear about the results!

Kind regards

thanks for your answer.
Unfortunately I haven’t gotten it to work with the very latest OpenSC version (OpenSC-0.20.0-rc2).

Please specify which version you use.