Identity Alliance CSP

http://www.identityalliance.com/ has a bundle "ID Ally" which contains the ID CSP. This page documents how to get it working.

Install the OpenSC SCB first.

You will need to turn off virtual slots in opensc.conf, for example:

app opensc-pkcs11 {
     pkcs11 {
       num_slots = 1;
       cache_pins = false;
       soft_keygen_allowed = false;
       hide_empty_tokens = true;
   }

• Download ID Ally
• Unpack ID Ally
• double click on the msi file to install it
• start regedit32
• change HKEY_LOCAL_MACHINE\SOFTWARE\Identity Alliance\AuthShim?\PKCS11BaseModule to "opensc-pkcs11.dll"
• ( The next two are optional, and can be left pointing at the IDAP11SHIM.dll)
• change HKEY_LOCAL_MACHINE\SOFTWARE\Identity Alliance\AuthShim?\PKCS11Module to "opensc-pkcs11.dll"
• change HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Identity Alliance CSP\PKCS11Module to "opensc-pkcs11.dll"
• close regedt32

• run "ID Ally Card Manager"
• insert the card, and register the certificates as needed.
• enter PIN

• Visit some ssl client certificate protected web site with Internet Explorer

• To use the CSP with Windows login requires the card i.e. the ATR of the card to be registered with Windows. ID Ally can do this under:

Edit->Preferences->File->Register Card for Login

Test Results

Windows XP, Smart card bundle 0.3rc2, ID Ally 0422051, eGate token adapter with cryptoflex 32k: 
works fine, didn't test the web page so far.

Windows XP, Smart card bundle scb-0.7-rc2.exe, ID Ally v1.0, Oberthur PIV and GemPlus PIV cards.
With Windows CA generated certificates on the PIV cards, it works with smartcard login, screen unlock,
"runnas /smartcard" and IE.