My hardware security token stopped working2020-06-06
A few days ago, my token stopped working on my home Windows installation. It was still working fine on my work PC.
Coincidentally, I had switched to a Windows Insider build in the same period. The new FIDO2 compliant successor of my token (Feitian ePass FIDO NFC) also had been released, so all in all, I first thought a driver update might be responsible.
I tried to block Windows Update from auto-installing drivers and reset a lot of things, but to no avail.
I was actually trying to see if I could switch my KeePass plugin to PKCS11 to use the token (spoiler: no. The OpenSC PKCS11 driver—the only one I found for this token—does not support encryption☹) when I found the cause of the malfunction, and managed to fix it.
The driver for GIDS smart cards is integrated in Windows. My understanding is that Windows uses a minidriver system in this case, where each vendor only implement a few functions that plug into the main driver.
All these minidrivers are registered in the Windows registry under the
I still haven't figured what exactly, but something related to my token got messed up in there, and I suspect Windows wasn't using the correct minidriver anymore (or it got misconfigured).
It turns out, the fix is relatively simple: delete the key related to the token!
I strongly advise you to make a backup before doing that, in case it breaks things even more, but in my case, it worked like a charm! 🙂
For completion, and in case it can help someone figure what was wrong with it, here is the key I exported before deleting it:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais\SmartCards\ePass FIDO NFC] @="" "ATR"=hex:3b,f9,13,00,00,81,31,fe,45,4a,43,4f,50,32,34,32,52,33,a2 "ATRMask"=hex:ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff "Crypto Provider"="Microsoft Base Smart Card Crypto Provider" "Smart Card Key Storage Provider"="Microsoft Smart Card Key Storage Provider" "80000001"="eps_piv_csp11.dll"