Nitrokey Storage 2 Windows Login with AD

Hi,
I have the “Nitrokey Storage 2”. I’m trying to log in to an Active Directory Windows account. Apparently there are two different guides for that.

  1. https://www.nitrokey.com/documentation/windows-logon-and-smime-email-encryption-with-active-directory (works fine)
  2. https://www.nitrokey.com/login-nitrokey-windows-domain-computers-using-ms-active-directory (can’t get it to work)
    The problem I’m facing is that the Windows Certificate Enrollment Agent says that the “OpenPGP card v3.x is read-only”.

What I’ve tried while following the second guide:
Modified “C:\Program Files\OpenSC Project\OpenSC\opensc.conf”
(changed the card_atr to the value read by “certutil -scinfo”, tried type 9000 and 9002 (which doesn’t exist in https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/cards.h as stated in GitHub & BitBucket HTML Preview?))

app default {
    # debug = 3;
    # debug_file = opensc-debug.txt;
    framework pkcs15 {
        # use_file_caching = true;
    }
}

card_atr 3B:DA:18:FF:81:B1:FE:75:1F:03:00:31:F5:73:C0:01:60:00:90:00:1C {
    type = 9000;
    driver = "openpgp";
    # name = "Nitrokey Storage 2";
    md_read_only = false;
    md_supports_X509_enrollment = true;
}

I also modified the registry file from the guide:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\OpenPGP card v3.x]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
"80000001"="C:\Program Files\OpenSC Project\OpenSC\minidriver\opensc-minidriver.dll"
"ATR"=hex:3b,da,18,ff,81,b1,fe,75,1f,03,00,31,f5,73,c0,01,60,00,90,00,1c
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff

Any help is appreciated. Thanks in advance

Hello,

At first, I cannot promise that this will work at all (yet), but I cross my fingers and would be glad to see it working for you! I am willing to help you, too :smile:

You need to install the very latest version of OpenSC, so current stable 0.19 is not enough as it only has basic OpenPGP Card v3 support, but no ECC support yet. Please try this release candidate, maybe this already solves your issue.

I am eager to hear about the results!

Kind regards
Alex

Hi,
thanks for your answer.
Unfortunately I haven’t gotten it to work with the very latest OpenSC version (OpenSC-0.20.0-rc2).

Please specify which version you use.