Manually importing keys into a smart card
Published Jan 24 2020 01:42 PM 744 Views
Microsoft

First published on TECHNET on Nov 13, 2007

 

Have you thought about moving a certificate including its (exportable) keys from a user's profile into a smart card? There are three simple steps required to do this if the Microsoft Base Smart Card Crypto Service Provider is available on a computer.

 

 

 

 

 

 

 

1. As the first step, two registry keys must be modified to permit the import operation.

 

 

 

 

 

 

 

· HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto

 

 

 

Provider\AllowPrivateExchangeKeyImport=DWORD:0x1

 

 

 

· HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto

 

 

 

Provider\AllowPrivateSignatureKeyImport=DWORD:0x1

 

 

 

 

 

 

 

Those registry keys are also documented in the Smart Card Minidriver Specification for Windows Base Cryptographic Service Provider (Base CSP) an... and the SmartCard Infrastructure blog.

 

 

 

 

 

 

 

2. As a next step, the certificate and the keys must be made available as a PFX file. The easiest way to create the file is with the Certificate Export Wizard.

 

 

 

a. Click Start , Run and type certmgr.msc

 

 

 

b. In the left pane, click Personal , Certificates

 

 

 

c. Select a certificate in the right pane .

 

 

 

d. From the Action menu, click All Tasks and then Export .

 

 

 

e. Make sure that the private key is exported.

 

 

 

Look after the PFX file, because it contains a private key!

 

 

 

 

 

 

 

3. Finally, importing a key into a smart card is a single command at a command-line. The certutil-version that ships with Windows Server 2003 SP1 or a later Windows version is required to perform the operation.

 

 

 

 

 

 

 

certutil –csp " Microsoft Base Smart Card Crypto Provider " –importpfx {PFXfile}

 

 

 

 

 

 

 

After the import has finished, remove the PFX file that was created in step #2.

 

Version history
Last update:
‎Feb 20 2020 02:44 PM
Updated by: