Share via


ExecuteOperations.GetBaseCspResponse Method

Calculate and return the Base CSP response to a provided challenge.

Namespace: Microsoft.Clm.Provision
Assembly: Microsoft.Clm.Provision (in Microsoft.Clm.Provision.dll)

Usage

'Usage
Dim smartcardUuid As Guid
Dim challenge As Byte()
Dim keyVersion As AdminKeyVersion
Dim atr As String
Dim cardId As Guid
Dim returnValue As Byte()

returnValue = ExecuteOperations.GetBaseCspResponse(smartcardUuid, challenge, keyVersion, atr, cardId)

Syntax

'Declaration
Public Shared Function GetBaseCspResponse ( _
    smartcardUuid As Guid, _
    challenge As Byte(), _
    keyVersion As AdminKeyVersion, _
    atr As String, _
    cardId As Guid _
) As Byte()
public static byte[] GetBaseCspResponse (
    Guid smartcardUuid,
    byte[] challenge,
    AdminKeyVersion keyVersion,
    string atr,
    Guid cardId
)
public:
static array<unsigned char>^ GetBaseCspResponse (
    Guid smartcardUuid, 
    array<unsigned char>^ challenge, 
    AdminKeyVersion keyVersion, 
    String^ atr, 
    Guid cardId
)
public static byte[] GetBaseCspResponse (
    Guid smartcardUuid, 
    byte[] challenge, 
    AdminKeyVersion keyVersion, 
    String atr, 
    Guid cardId
)
public static function GetBaseCspResponse (
    smartcardUuid : Guid, 
    challenge : byte[], 
    keyVersion : AdminKeyVersion, 
    atr : String, 
    cardId : Guid
) : byte[]

Parameters

  • smartcardUuid
    A Guid object that identifies the smart card for the operation.
  • challenge
    An array of bytes that contains the challenge string that is generated by the smart card.
  • keyVersion
    An AdminKeyVersion value that specifies the version of the administrator key that can be used to calculate the response.
  • atr
    A String object that contains the Answer To Reset (ATR) for the smart card.
  • cardId
    A Guid object that represents the smart card’s card identifier.

Return Value

An array of bytes that contains the response to the smart card’s challenge.

Remarks

This method calculates the response to a previously generated challenge by the smart card during a challenge-response administrator authentication sequence as defined in Base CSP.

In order for a call to this method to succeed, the caller of the method must be authorized to call the methods in the Sensitive API group. The Sensitive API group includes those methods where the caller has access to sensitive data. This includes the administrator PIN, the user PIN, the Base CSP administrator authentication key, and/or the Base CSP challenge response information.

To allow for a user, or a group of users, to be authorized to call the methods in the Sensitive API group, FIM CM must be configured as follows:

  1. Open the web.config file that is associated with the FIM CM Web Virtual Directory (the default location of this file is %programfiles%\Microsoft Certificate Lifecycle Manager\web\web.config).

  2. Locate the configuration section for the Sensitive API group, which resembles the following:

  3. <add key="Clm.ProvisionApi.SensitiveApiGroup" value="" />

  4. By default, FIM CM does not authorize any users to call the methods in the Sensitive API group.

  5. Set the value to the name of a security group that contains the users who are to be authorized to call the methods in the Sensitive API group. The security group must be specified in the "domainname\groupname" format. For example:

  6. <add key="Clm.ProvisionApi.SensitiveApiGroup" value="domain\SensitiveApiUserGroup" />

  7. Save the web.config file.

Thread Safety

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Platforms

Development Platforms

Windows 2008 x64 Edition

Target Platforms

Windows XP SP3, Windows Vista SP1+, Windows 7, Windows Server 2008, Windows Server 2008 R2

See Also

Reference

ExecuteOperations Class
ExecuteOperations Members
Microsoft.Clm.Provision Namespace
AdminKeyVersion