Unblock Virtual Smart Card with Administration Key

Unblocking the Virtual Smart Card is a security sensitive step. It is recommended that it is done using a secure Card Management System. It is optional. If a user Virtual Smart Card is blocked, it can also be deleted and replaced with a new Smart Card. Using the VSC Manager to unblock a Virtual Smart Card is recommended only for very small deployments or testing.

Unblocking a Virtual Smart Card using the admin key requires the  following steps:

  1. Generating a challenge on the VSC Computer
  2. Communicating the challenge to the Administrator
  3. Generating the response with the Admin Key and the Challenge on the Administrator Computer
  4. Communicating the response to the VSC Computer
  5. Sending the Response to the VSC to unblock the card

Generating the challenge

vscmgr.exe --getchallenge [--id PROMPT]

The getchallenge feature is used by the user to request challenge to reset the PIN of a virtual smart card on the computer.

Parameter

Description

--id

Specifies the instance ID of the virtual smart card to be reset. The instanceID was generated as output by vscmgr.exe when the card was created. This refers to the reader index id . This parameter is a required field for the getchallenge command.

DEFAULT value is virtual card at reader index 0.

PROMPT user to enter reader id to be resets.

--help

Displays Help for this command.

Example

vscmgr.exe --getchallenge --id 1

Generating the response

vscmgr –computeresponse [--challenge PROMPT] [--adminkey PROMPT]

The computeresponse feature is used to compute the response for reset PIN. The obtained challenge along with adminkey is required to generate the response.

Parameter

Description

--challenge

Specifies the challenge obtained from the getchallenge command.

 PROMPT user to enter the challenge value.

--adminkey

Specifies the adminkey of the virtual smart card.

 DEFAULT value is 111111111111111111. If the card is created with a default adminkey value.

 PROMPT user to enter a value for the administrator key and has be 24 bytes. It should be in hexadecimal format.

--help

Displays Help for this command.

 

Example

vscmgr.exe –computeresponse –challenge 582990aa0f4a71b7 –adminkey 11111111111111111111111

Sending the Response

vscmgr.exe –sendresponse [--id PROMPT] [--response PROMPT] [--newpin PROMPT]

This feature is used to change the user PIN with the challenge response mechanism. The response is obtained by the user from administrator and along with the virtual smart card id and the newpin, the user PIN can be reset.

Parameter

Description

--response

Specifies the response obtained from the computeresponse command.

 PROMPT user to enter the response value.

--id

Specifies the instance ID of the virtual smart card to be reset. The instanceID was generated as output by vscmgr.exe when the card was created. This refers to the reader index id . This parameter is a required field for the getchallenge command.

DEFAULT value is virtual card at reader index 0.

PROMPT user to enter reader id to be resets.

--newpin

Specifies the new PIN for the virtual smart card.

PROMPT user to enter the new user PIN.

--help

Displays Help for this command.

 

Example

vscmgr.exe –sendresponse –id 1 --response 582990aa0f4a71b7 –newpin 11112222.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk