Getting Internet Explorer to work with OpenSC: Part 3

It seems as though getting Inter Explorer to work is tricker than expected, especially when it comes to using our European Health Insurance Card.To sum up, we have everything working correctly for the 32 bit version of Windows. Getting it to work is pretty simple since the patches are now upstream and the latest OpenSC installers should "just work". However we still need a small registry tweak for this and as mention ed in a previous post it can simply be added by putting the following into a le and renaming it .reg:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\CPS-Athena]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"80000001"="opensc-minidriver.dll"
"ATR"=hex:3b,df,18,00,81,31,fe,7d,00,6b,02,0c,01,82,01,11,01,43,4e,53,10,31,80,fc
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\CPS]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"80000001"="opensc-minidriver.dll"
"ATR"=hex:3b,ff,18,00,ff,c1,0a,31,fe,55,00,6b,05,08,c8,0c,01,11,01,43,4e,53,10,31,80,05
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff

 

Nothing really complicated there once you know what values to enter but things start getting a little complicated when you are installing on a 64 bit Windows machine.

The registry keys needed for a 64 bit machine is simply:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\CPS-Athena]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"80000001"="opensc-minidriver.dll"
"ATR"=hex:3b,df,18,00,81,31,fe,7d,00,6b,02,0c,01,82,01,11,01,43,4e,53,10,31,80,fc
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
?Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\CPS-Athena]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"80000001"="opensc-minidriver.dll"
"ATR"=hex:3b,df,18,00,81,31,fe,7d,00,6b,02,0c,01,82,01,11,01,43,4e,53,10,31,80,fc
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
?Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\CPS]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"80000001"="opensc-minidriver.dll"
"ATR"=hex:3b,ff,18,00,ff,c1,0a,31,fe,55,00,6b,05,08,c8,0c,01,11,01,43,4e,53,10,31,80,05
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
?Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Calais\SmartCards\CPS]
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"80000001"="opensc-minidriver.dll"
"ATR"=hex:3b,ff,18,00,ff,c1,0a,31,fe,55,00,6b,05,08,c8,0c,01,11,01,43,4e,53,10,31,80,05
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff

The card does work on Windows 64 bit when adding the additional registry keys to the Wow6432Node, basically telling Windows where to get some needed 32 bit DLL's. So for everything to run smoothly we need the registry keys aove and we need to install both builds of OpenSC 32 bit and 64 bit. Yes you read that correctly, both have to be installed on a Windows 64 bit install otherwise the card with not work. We think this might be due to the fact that the 32 bit version of Internet Explorer runs as default, under Windows 64 bit, and thus requires some 32 bit libraries. 

Our first problems started when we were trying to add registry keys to Windows 64 bit. The Advanced Installer we were using didnt work, using a batch script to manually write the keys did not work either. This is because Windows 64 bit forecufully redirected all keys to be written to the Wow6432Node, which resulted in the drivers failing. I will write a blog post about that another time but here is an interesting read on what was essentially happening http://http://csi-windows.com/blog/all/27-csi-news-general/266-scripting-migrating-and-managing-registry-data-in-64-bit-windows 

Interesting stuff.

Well we got that problem sorted out and thought we were good to go but then realised we have an even bigger problem. Our goal is to have a simple installer for the citizen that can manage the PIN of the card, log into and use eGov services (drivers required here) and this should all be over oin a few clicks. On a 32 bit system it is over in a few clicks and it works but for a 64 bit system we need both OpenSC installers (32 bit and 64 bit) which is not that easy to add in an installer. Sure we could provide three installers and the problem is solved but the goal is to have everything in *one* installer. We have attempted to copy over all the DLL's that OpenSC installs hoever that does not seem to quite cut it. Next step was to see if there are any missing registry changes. Things again got interesting when using a great piece of software called Process Monitor, here is a screenshot:

With this tool everything can be monitored what happens in Windows when we insert the card, when the installer is run to see what registry chages are made, etc etc. The only trick is finding out extaly what the OpenSC installers are doing, that we are missing. Is it a registry settings, a file that we have overlooked, what is it doing in the background to make it work? Hopefully we find this out soon or we find a way to package the installers in a differnt way.

 

Comments
No comments yet. Be the first.