Skip to content
Raul Metsma edited this page Jan 24, 2018 · 42 revisions

Minidriver for EstEID ID-cards

Background:

For ATRFilter see https://github.com/open-eid/minidriver/wiki/Atrfilter

Supported platforms:

  • Windows 7 (x86, x64), Windows Server 2008 R2
  • Windows 8.1 (x86, x64), Windows Server 2012, Windows Server 2008 R2
  • Windows 10 (x86, x64), Windows Server 2016

Supported features:

  • pinpad
    • Can be disabled with creating registriy key's
[HKEY_LOCAL_MACHINE\SOFTWARE\RIA\minidriver]
"disablepinpad"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RIA\minidriver]
"disablepinpad"=dword:00000001
  • hash algorithms
    • SHA1, SHA-256, SHA-384, SHA-512
  • Logging can be enabled by creating esteidcm.log file to user %TEMP% folder
    • Logging in RDP session written in Server to %TEMP% esteidcm.log

Implemented API

DllMain
CardAcquireContext
CardDeleteContext
CardGetContainerProperty
CardSetContainerProperty
CardGetProperty
CardSetProperty
CardQueryCapabilities
CardCreateContainer
CardGetContainerInfo
CardAuthenticatePin
CardAuthenticateEx
CardEnumFiles
CardGetFileInfo
CardReadFile
CardWriteFile
CardQueryFreeSpace
CardQueryKeySizes
CardRSADecrypt
CardSignData

Not Implimented API

CardDeleteContainer
CardUnblockPin
CardChangeAuthenticator
CardCreateDirectory
CardDeleteDirectory
CardCreateFile
CardDeleteFile
CardConstructDHAgreement
CardDeriveKey
CardDeriveKey
CspGetDHAgreement
CardGetChallenge
CardAuthenticateChallenge
CardGetChallengeEx
CardChangeAuthenticatorEx
CardDeauthenticate
CardDeauthenticateEx

Usage:

Diagnostics

  • To verify installation of minidriver open Command Prompt and run C:\Windows\System32\certutil -scinfo command.

Testing unsigned driver

Run in CMD with administrator rights:

bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

bcdedit.exe -set TESTSIGNING ON

Restart windows

Clone this wiki locally
You can’t perform that action at this time.