Configuring a smart card in Windows 11 ARM

Filed on March 9, 2024

One of the biggest challenges I encountered in my home setup had to do with using my smart card with a virtual Windows environment.

Previously, when I tried to sign into an authenticated account from my Windows 11 Home VM on Parallels for Mac, I could never get the machine to use my smart card for authentication. I would get error after error, and I could never figure out what was causing the problem.

I tried:

  • installing different versions of OpenSC
  • installing updated drivers for my specific card reader
  • reinstalling root certificates
  • futzing with the Parallels settings  

It seemed like I tried everything, to no avail. Even when I had the dumb luck to get it working on my Mac mini, I wasn't sure exactly how I did it. I thought it had something to do with the right sequence of configuration steps— as if installing OpenSC either before or after installing the root certs had anything to do with it.

The test came with running certutil -scinfo. I always got a File Not Found error. I could run the pkcs11-tool to read the certificates on the smart card, but the minidriver was a bust. Every. Single. Time.

I finally figured out what the problem was.

Turns out I had to update the registries for the generic card readers (both 32-bit and 64-bit) by using the ATR value that I would get when I ran certutil -scinfo.

Some brief instructions after running certutil -scinfo:

[Image: Terminal output from certutil command.]

The 34-character alphanumeric string under ATR is the value you want. Go to the Windows Registry Editor and find the generic smartcard reader. Look for:

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Cryptography > Calais > SmartCards > Identity Device (Microsoft Generic Profile)

Select New > Binary Value to add the ATR. Use ATR for Value Name, and then enter the 34 characters from the Terminal command in the Value Data field.

Select OK and then run certutil -scinfo again.

Once you do that (also consider clearing the SSL state in Windows 11), you should be able to use the smart card.
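
The registry edit described above, scripted in PowerShell as an added example (it is not from the original post). The WOW6432Node path for the 32-bit view, the -Atr parameter name and the ATRMask length check are assumptions that the post does not show.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
param(
    # ATR as printed by certutil -scinfo; spaces, colons and dashes are tolerated.
    [Parameter(Mandatory)] [string] $Atr
)

# Validate: hex digits only, whole bytes, at most 33 bytes (ISO/IEC 7816-3 maximum).
$hex = $Atr -replace '[\s:-]', ''
if ($hex -notmatch '^[0-9A-Fa-f]+$' -or $hex.Length % 2 -ne 0 -or $hex.Length -gt 66) {
    throw "ATR must be an even number of hex digits (66 at most); got '$Atr'"
}
[byte[]] $bytes = for ($i = 0; $i -lt $hex.Length; $i += 2) {
    [Convert]::ToByte($hex.Substring($i, 2), 16)
}
$want = [BitConverter]::ToString($bytes)

# 64-bit view (the path from the post) and the 32-bit view (assumed: WOW6432Node).
$sub  = 'Microsoft\Cryptography\Calais\SmartCards\Identity Device (Microsoft Generic Profile)'
$keys = "HKLM:\SOFTWARE\$sub", "HKLM:\SOFTWARE\WOW6432Node\$sub"

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Warning "Key not found, skipped: $key"
        continue
    }
    $props = Get-ItemProperty -LiteralPath $key

    # Print any existing ATR first so the change can be reverted by hand.
    if ($props.ATR) {
        Write-Host "Previous ATR in ${key}: $([BitConverter]::ToString($props.ATR))"
    }
    # Assumption: an existing ATRMask must be as long as the ATR it masks.
    if ($props.ATRMask -and $props.ATRMask.Length -ne $bytes.Length) {
        Write-Warning "ATRMask is $($props.ATRMask.Length) bytes, ATR is $($bytes.Length) bytes: $key"
    }

    Set-ItemProperty -LiteralPath $key -Name ATR -Value $bytes -Type Binary

    # Read the value back and confirm it matches what was requested.
    $now = [BitConverter]::ToString((Get-ItemProperty -LiteralPath $key).ATR)
    if ($now -ne $want) { throw "ATR verification failed for $key" }
    Write-Host "ATR set to $want in $key"
}
```

Pass the string from the certutil output as -Atr, then run certutil -scinfo again as in the last step above.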