From f074e91d7fe079ab9594cff178be1be8b43b3622 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 6 Nov 2023 16:35:41 -0500 Subject: [PATCH] updates --- .../smart-cards/smart-card-architecture.md | 4 ++-- ...-card-certificate-requirements-and-enumeration.md | 12 ++++++------ .../smart-cards/smart-card-debugging-information.md | 10 +++++----- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index 3318a8ee19..97b5d943d7 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -140,8 +140,8 @@ Similarly, in response to a NCryptOpenKey call in CNG, the smart card KSP tries | **Type** | **Name** | **Format** | |----------|----------|------------| -| I | Reader Name and Container Name | `\.\\` | -| II | Reader Name and Container Name (NULL) | `\.\` | +| I | Reader Name and Container Name | `\.` | +| II | Reader Name and Container Name (NULL) | `\.` | | III | Container Name Only | `` | | IV | Default Container (NULL) Only | NULL | diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index be6c3a00a1..6d032bebd3 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md 
@@ -16,7 +16,7 @@ When a smart card is inserted, the following steps are performed. > Unless otherwise mentioned, all operations are performed silently (CRYPT_SILENT is passed to CryptAcquireContext). 1. The smart card resource manager database searches for the smart card's cryptographic service provider (CSP). -1. A qualified container name is constructed by using the smart card reader name, and it is passed to the CSP. The format is *\\.\\ +1. A qualified container name is constructed by using the smart card reader name, and it is passed to the CSP. The format is *\\.\ 1. CryptAcquireContext is called to retrieve a context to the default container. If a failure occurs, the smart card will be unusable for smart card sign-in. 1. The name of the container is retrieved by using the PP_CONTAINER parameter with CryptGetProvParam. 1. Using the context acquired in Step 3, the CSP is queried for the PP_USER_CERTSTORE parameter (added in Windows Vista). For more information, see [Smart Card Architecture](smart-card-architecture.md). If the operation is successful, the name of a certificate store is returned, and the program flow skips to Step 8. 
@@ -87,11 +87,11 @@ Following are the steps that are performed during a smart card sign-in: > [!NOTE] > The KRB_AS_REP packet consists of: - >- Privilege attribute certificate (PAC) - >- User's SID - >- SIDs of any groups of which the user is a member - >- A request for ticket-granting service (TGS) - >- Preauthentication data + > - Privilege attribute certificate (PAC) + > - User's SID + > - SIDs of any groups of which the user is a member + > - A request for ticket-granting service (TGS) + > - Preauthentication data TGT is encrypted with the master key of the KDC, and the session key is encrypted with a temporary key. This temporary key is derived based on RFC 4556. Using CryptoAPI, the temporary key is decrypted. As part of the decryption process, if the private key is on a smart card, a call is made to the smart card subsystem by using the specified CSP to extract the certificate corresponding to the user's public key. (Programmatic calls for the certificate include CryptAcquireContext, CryptSetProvParam with the PIN, CryptgetUserKey, and CryptGetKeyParam.) After the temporary key is obtained, the Kerberos SSP decrypts the session key. diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 810ef34cf7..86aa2d80de 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md 
@@ -50,8 +50,8 @@ WPP simplifies tracing the operation of the trace provider. It provides a mechan Using WPP, use one of the following commands to enable tracing: ```cmd -tracelog.exe -kd -rt -start -guid \ -f .\.etl -flags -ft 1 -logman start -ets -p {} - -ft 1 -rt -o .\.etl -mode 0x00080000 +tracelog.exe -kd -rt -start -guid -f ..etl -flags -ft 1 +logman.exe start -ets -p {} - -ft 1 -rt -o ..etl -mode 0x00080000 ``` You can use the parameters in the following table. @@ -74,7 +74,7 @@ To enable tracing for the SCardSvr service: ```cmd tracelog.exe -kd -rt -start scardsvr -guid \#13038e47-ffec-425d-bc69-5707708075fe -f .\scardsvr.etl -flags 0xffff -ft 1 -logman start scardsvr -ets -p {13038e47-ffec-425d-bc69-5707708075fe} 0xffff -ft 1 -rt -o .\scardsvr.etl -mode 0x00080000 +logman.exe start scardsvr -ets -p {13038e47-ffec-425d-bc69-5707708075fe} 0xffff -ft 1 -rt -o .\scardsvr.etl -mode 0x00080000 ``` To enable tracing for `scfilter.sys`: @@ -89,7 +89,7 @@ Using WPP, use one of the following commands to stop the tracing: ```cmd tracelog.exe -stop <*FriendlyName*> -logman -stop <*FriendlyName*> -ets +logman.exe -stop <*FriendlyName*> -ets ``` #### Examples @@ -98,7 +98,7 @@ To stop a trace: ```cmd tracelog.exe -stop scardsvr -logman -stop scardsvr -ets +logman.exe -stop scardsvr -ets ``` ## Kerberos protocol, KDC, and NTLM debugging and tracing
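Review bot: In the smart-card-architecture.md table hunk, the Format cells for Type I (Reader Name and Container Name) and Type II (Reader Name and Container Name (NULL)) both become `\.` after this change, so the table no longer shows how the two forms differ; the reader-name and container-name placeholders look like they were dropped rather than restored. Suggest putting the placeholders back inside the code spans, e.g. `\\.\<Reader Name>\<Container Name>` for Type I and `\\.\<Reader Name>\` for Type II, and checking the rendered page, since angle-bracket placeholders inside backtick spans render literally and need no escaping.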
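Review bot: In the smart-card-certificate-requirements-and-enumeration.md hunk, step 2 still ends with "The format is *\\.\": the emphasis opened by `*` is never closed, the sentence has no terminating period, and the placeholder after the final backslash is missing, so trimming one backslash leaves the line as broken as before. Suggest completing the sentence with the intended placeholder(s) and closing the markup, preferably as a code span rather than italics so the backslashes do not need markdown escaping.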
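Review bot: The `>- ` to `> - ` change in the KRB_AS_REP note is the right fix for rendering the nested list inside the blockquote. While in this hunk, the trailing context paragraph spells the API `CryptgetUserKey`; it should be `CryptGetUserKey` to match the casing of the other calls listed beside it (CryptAcquireContext, CryptSetProvParam, CryptGetKeyParam).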
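Review bot: In the first smart-card-debugging-information.md hunk, replacing `.\.etl` with `..etl` makes the template commands worse: `..etl` is not a meaningful file name, and dropping the `\` after `-guid` removes the last trace of the `#` GUID prefix that the concrete scardsvr example in the next hunk still uses (`-guid \#13038e47-...`). The underlying defect is that the placeholders (trace name after `-start`, GUID, flags value, output file name) are missing from both lines. Suggest restoring them with the same placeholder convention as the stop commands, e.g. `tracelog.exe -kd -rt -start <FriendlyName> -guid #<GUID> -f .\<FriendlyName>.etl -flags <Flags> -ft 1` and `logman.exe start <FriendlyName> -ets -p {<GUID>} <Flags> -ft 1 -rt -o .\<FriendlyName>.etl -mode 0x00080000`; inside the cmd fence the angle brackets render literally, so no backslash escaping is needed.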
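Review bot: In the two stop-tracing hunks, the renamed command still reads `logman.exe -stop <*FriendlyName*> -ets` (and `logman.exe -stop scardsvr -ets` in the example): logman takes `stop` as a verb, not as a `-stop` option, so these should be `logman.exe stop <FriendlyName> -ets` and `logman.exe stop scardsvr -ets`, matching the `logman.exe start ...` form used in the start hunks of the same file. The `<*FriendlyName*>` placeholder also shows its asterisks literally inside the code fence; `<FriendlyName>` is enough there.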