MiniDriver

The MiniDriver section controls the behavior of the MiniDriver component. Our MiniDriver is not that much of a real MiniDriver as Microsoft intended when implementing the standard: a simple layer between the caller and the smart card. Instead we have focused on enabling all our smart cards to be accessible using the MiniDriver interface. Most of the parameters are used to control the mapping between MiniDriver and the real smart card support, which will be using the PKCS#11 interface.

[MiniDriver]
AllowCertificate=
AllowToken=0x01
:CertificateCompression=1
:CheckFileCMap=0
ComponentEnable=1
ComponentDisable=0
:FileCacheDisable=0
:GuidKeyId=1
:IgnoreFileCardCF=0
:IgnoreFileCMap=0
IgnoreLogout=0
:KeyGeneration=1
:KeyMinSize=0
:KeyMaxSize=0
:NoPkcs11Certificate=0
:NoPkcs11Keys=0
:PinCacheDisable=0
:PinCacheNonRep=0
:PinCacheTimeout=0
:ProviderName=Microsoft Base Smart Card Crypto Provider
:ProviderType=1
:ReadOnly=0
RegisterCardPrefix={product-name} #
:ReplaceCertificate=1
SortCertificate=0
:UseExternCardCF=0
:UseSuppliedPadding=0
:Version=7
:WriteBlockSize=192

AllowCertificate

Our MiniDriver allows all certificates by default, but there are scenarios when some certificates should be ignored. The AllowCertificate parameter specifies the matching condition that should be fulfilled.

[MiniDriver]
AllowCertificate={MatchCertificateMD}

AllowToken

Our MiniDriver allows all smart cards by default, but there are scenarios when some tokens should be ignored. The AllowToken parameter specifies the matching condition, see Tokens for more information.

[MiniDriver]
AllowToken=0x01

CertificateCompression

Our MiniDriver handles certificate compression, but the parameter can also disable the compression and let the caller handle it. We do not recommend to use this, since our MiniDriver need the real certificate value. But it can still be used during certification testing.

[MiniDriver]
:CertificateCompression=1

Values

0

off

1

on

ComponentEnable, ComponentDisable

The ComponentEnable and ComponentDisable parameters allows the use of conditions to blacklist and/or whitelist an applications' use of the MiniDriver.

[MiniDriver]
ComponentEnable=1
ComponentDisable=0

Values

0

off

1

on

CheckFileCMap

The CheckFileCMap parameter verifies the MiniDriver cmapfile towards the actual certificates/key pairs stored on the smart card at loading time.

The CheckFileCMap setting is used for certification testing.
[MiniDriver]
:CheckFileCMap=0

Values

0

off

1

on

FileCacheDisable

The FileCacheDisable parameter disables the MiniDriver file cache.

The FileCacheDisable setting is used for certification testing.
[MiniDriver]
:FileCacheDisable=0

Values

0

off

1

on

GuidKeyId

The GuidKeyId parameter specifies whether smart card key identifier should be used as key identifier or if a GUID should be generated.

The GuidKeyId setting is used for certification testing.
[MiniDriver]
:GuidKeyId=1

Values

0

off

1

on

IgnoreFileCardCF

The IgnoreFileCardCF parameter disables cardcf written by caller, instead automatically generated.

The IgnoreFileCardCF setting is used for certification testing.
[MiniDriver]
:IgnoreFileCardCF=0

Values

0

off

1

on

IgnoreFileCMap

The IgnoreFileCMap parameter disables cmapfile written by caller, instead automatically generated.

The IgnoreFileCMap setting is used for certification testing.
[MiniDriver]
:IgnoreFileCMap=0

Values

0

off

1

on

IgnoreLogout

The IgnoreLogout parameter disables all attempts to logout a smart card by the caller, to avoid interference with single sign-on.

[MiniDriver]
IgnoreLogout=0

Values

0

off

1

on

KeyGeneration

The MiniDriver handles key generation, but the KeyGeneration parameter is used to disable the key generation and let the caller handle it.

The KeyGeneration setting is used for certification testing.
[MiniDriver]
:KeyGeneration=1

Values

0

off

1

on

KeyMinSize, KeyMaxSize

The MiniDriver reads actual supported key sizes from the smart card. Use these parameters to limit the values. The key sizes are in bits.

[MiniDriver]
KeyMinSize=0x0400
KeyMaxSize=0x0800

NoPkcs11Certificates

The MiniDriver generates cmapfile from certificate and key pairs on the smart card by default. The NoPkcs11Certificates parameter disables the loading of certificates.

The NoPkcs11Certificates setting is used for certification testing.
[MiniDriver]
:NoPkcs11Certificate=0

Values

0

off

1

on

NoPkcs11Keys

The MiniDriver generates cmapfile from certificate and key pairs on the smart card by default. The NoPkcs11Keys parameter disables the loading of key pairs.

The NoPkcs11Keys setting is used for certification testing.
[MiniDriver]
:NoPkcs11Keys=0

Values

0

off

1

on

PinCacheDisable

The MiniDriver can specify that the PIN should be cached or not, single sign-on provided by caller.

[MiniDriver]
:PinCacheDisable=0

Values

0

off

1

on

PinCacheNonRep

The MiniDriver may specify that the non-repudiation PIN should be cached or not, single sign-on provided by caller.

[MiniDriver]
:PinCacheNonRep=0

Values

0

off

1

on

PinCacheTimeout

The MiniDriver can specify how long the PIN should be cached by caller. The value is in number of seconds, 0 for no timeout.

[MiniDriver]
:PinCacheTimeout=0

ProviderName

ProviderName is the name of the CSP that our certificate propagation service registers certificate to, that is Microsoft Base Smart Card Crypto Provider.

[MiniDriver]
:ProviderName=Microsoft Base Smart Card Crypto Provider

ProviderType

ProviderType is the type of CSP that our certificate propagation service registers certificate to, that is Microsoft Base Smart Card Crypto Provider.

#define PROV_RSA_FULL 1
#define PROV_RSA_AES 24

[MiniDriver]
:ProviderType=1

ReadOnly

The ReadOnly parameter disables all updating of the smart card via the MiniDriver interface.

The ReadOnly setting is used for certification testing.
[MiniDriver]
:ReadOnly=0

Values

0

off

1

on

RegisterCardPrefix

The RegisterCardPrefix parameter sets the prefix to use when registering supported smart cards.

[MiniDriver]
RegisterCardPrefix={product-name} #

ReplaceCertificate

The ReplaceCertificate parameter specifies if an existing certificate (using same key ID) should be overwritten when a new certificate is written.

The ReplaceCertificate setting is used for certification testing.
[MiniDriver]
:ReplaceCertificate=1

Values

0

off

1

on

SortCertificate

The certificate can be sorted before it is returned to the calling application. This allows some kind of default certificate control, but should probably not be used any longer since it only tells in what sequence the MiniDriver will return certificates. The intended function is to control the order of certificates for a certificate selection dialog, but there are too many layers of interfaces to predict the outcome. For example, the order can be updated by CryptoAPI or the certificate selection dialog.

// 0x01 => Newest first
// 0x02 => Oldest first
// 0x04 => Invert

[MiniDriver]
SortCertificate=0x00

UseExternCardCF

The MiniDriver file cardcf is used as update counter, and some smart cards are using the same format for their smart cards. The UseExternCardCF parameter synchronizes those values.

[MiniDriver]
:UseExternCardCF=0

Values

0

off

1

on

UseSuppliedPadding

The MiniDriver handles padding of data before signature, or after decryption. This parameter is used to disable the padding and let the caller handle it.

[MiniDriver]
:UseSuppliedPadding=0

Values

0

off

1

on

Version

The MiniDriver supports version 4 to 7. The Version parameter limits the support to a lower number.

[MiniDriver]
:Version=7

Values

The version is between 4 and 7. Default is 7.

UseSuppliedPadding

The MiniDriver generates a virtual file system to handle the files and directories created. To increase performance on some smart cards, it is recommended to allocate the virtual file system in blocks.

[MiniDriver]
:WriteBlockSize=192

Values

The size is in bytes.