My hardware security token stopped working
2020-06-06
I bought a cheap security token some time ago. Since then, I've been using it and even did some project specifically for it.
A few days ago, my token stopped working on my home Windows installation. It was still working fine on my work PC.
Coincidentally, I had switched to a Windows Insider build in the same period. The new FIDO2-compliant successor of my token (Feitian ePass FIDO NFC) had also been released, so all in all, I first thought a driver update might be responsible.
I tried to block Windows Update from auto-installing drivers and reset a lot of things, but to no avail.
I was actually trying to see if I could switch my KeePass plugin to PKCS11 to use the token (spoiler: no. The OpenSC PKCS11 driver—the only one I found for this token—does not support encryption☹) when I found the cause of the malfunction, and managed to fix it.
The cause
The driver for GIDS smart cards is integrated in Windows. My understanding is that Windows uses a minidriver system in this case, where each vendor only implements a few functions that plug into the main driver.
All these minidrivers are registered in the Windows registry under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards key.
I still haven't figured out what exactly, but something related to my token got messed up in there, and I suspect Windows wasn't using the correct minidriver anymore (or it got misconfigured).
Fixing it
It turns out, the fix is relatively simple: delete the key related to the token!
I strongly advise you to make a backup before doing that, in case it breaks things even more, but in my case, it worked like a charm! 🙂
For completeness, and in case it can help someone figure out what was wrong with it, here is the key I exported before deleting it:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\ePass FIDO NFC]
@=""
"ATR"=hex:3b,f9,13,00,00,81,31,fe,45,4a,43,4f,50,32,34,32,52,33,a2
"ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff
"Crypto Provider"="Microsoft Base Smart Card Crypto Provider"
"Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider"
"80000001"="eps_piv_csp11.dll"
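To see which registrations under that key apply to a given token, and to back them up before deleting anything, here is an added PowerShell example (not part of the original post). It assumes a registration applies when the token's ATR equals the registered ATR on every bit set in ATRMask; the function names and the backup folder are made up for the example, and the sample ATR is the one from the export above.

```powershell
# Added example, not from the original post.
# Assumption: $CardAtr is the ATR your token reports (here: the ATR from the export above).
$CardAtr = '3b,f9,13,00,00,81,31,fe,45,4a,43,4f,50,32,34,32,52,33,a2'
$Root    = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards'
$Backup  = Join-Path $env:USERPROFILE 'SmartCards-backup'   # assumed backup folder

function ConvertTo-Bytes([string]$Hex) {
    [byte[]]($Hex -split '[,\s:]+' | Where-Object { $_ } | ForEach-Object { [Convert]::ToByte($_, 16) })
}

# Assumed matching rule: same length, and equal on every bit the mask selects.
function Test-AtrMatch([byte[]]$Card, [byte[]]$Atr, [byte[]]$Mask) {
    if ($null -eq $Atr -or $Card.Length -ne $Atr.Length) { return $false }
    for ($i = 0; $i -lt $Atr.Length; $i++) {
        $m = if ($null -ne $Mask -and $i -lt $Mask.Length) { $Mask[$i] } else { 0xFF }
        if (($Card[$i] -band $m) -ne ($Atr[$i] -band $m)) { return $false }
    }
    return $true
}

$card = ConvertTo-Bytes $CardAtr
$hits = Get-ChildItem -Path $Root | ForEach-Object {
    $p = Get-ItemProperty -LiteralPath $_.PSPath
    if (Test-AtrMatch $card $p.ATR $p.ATRMask) {
        [pscustomobject]@{
            Name       = $_.PSChildName
            Minidriver = $p.'80000001'        # minidriver DLL value, as in the export above
            Provider   = $p.'Crypto Provider'
            KeyPath    = $_.Name              # HKEY_LOCAL_MACHINE\... form, as reg.exe expects
        }
    }
}
$hits | Format-Table Name, Minidriver, Provider -AutoSize

# Back up every matching key before changing anything.
New-Item -ItemType Directory -Path $Backup -Force | Out-Null
foreach ($h in $hits) {
    $file = Join-Path $Backup ("{0}.reg" -f ($h.Name -replace '[^\w.-]', '_'))
    reg.exe export $h.KeyPath $file /y | Out-Null
    Write-Host "Backed up '$($h.Name)' to $file"
}
# Deleting the entry is left as a manual step (needs an elevated shell):
# Remove-Item -LiteralPath "$Root\ePass FIDO NFC" -Recurse
```

More than one row in the table means several registrations claim the same ATR, which is worth noting before deciding which key to remove.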