Microsoft Smart Card Key Storage Provider: Missing stored keysetĬertUtil: - SCInfo command FAILED: 0x80090016 (-2146893802 NTE BAD KEYSET) If you try to sign with the Yubikey 5 connected using signtool, you'll get the error: SignTool Error: No certificates were found that met all the given criteria.Īnd if you look at the smart card information using certutil -scinfo you'll get an error like: Microsoft Base Smart Card Crypto Provider: Missing stored keyset And 圆4 emulation on Windows 11 does not work for device drivers. The Yubikey minidriver is not currently offered for Windows ARM64, only Windows x86 and 圆4. This is the only thing I use a Yubikey for, so I wasn't hip to the news that there was an upgrade, and my new keys and certificates came on a Yubikey 5 (instead of the Yubikey 4 the old keys are on.) Little did I know that the new Yubikey 5 models require a device driver (the Yubikey "minidriver") to work properly for slot 9a (PIV Authentication) on Windows, versus our Yubikey 4 current that does not need the minidriver for slot 9a. So I was surprised when I renewed our EV certificate, with the private keys stored on a new Yubikey, and the certificate no longer populated into Certificate Manager when I connected the Yubikey. Prior to last-week's adventures, I did our EV Code Signing on Windows via Parallels on my M1 MacBook using my Yubikey with no trouble. It explains why it doesn't currently work, and a kludge workaround to make it work if this is your build environment and you absolutely need to make it work. This blog post is all about my adventures in trying to code sign on Windows 11 running via Parallels on an M1 MacBook Pro, with the private keys stored on a Yubikey 5.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |