Windows 10 LTSC 2021 (21H2) x64, Safenet Authentication Client 10.8 R6, Keepass 2.54, SmartCertificateKeyProvider v.2.0.1

If have several certificates of same purpose (suggestion, I have several types of certs on card) on smartcard, then using with Smart Certificate Key Provider, Windows Security popup window shows and allows select only the latest one.

I have a lot of Secure Email certs on card, both expired (but usable to decrypt old messages or DBs), and current. I've used one to encrypt Keepass DB, and, only the latest one shown in popup after issuing new certificate, and, it's not the certificate used to encrypt KeePass database.

So if encrypted sometime with one some purpose cert, when new certificate of same purpose issued, you lost access to Keepass database.

And, if I invoke CertUtil -SCInfo command, popup shows 'certificate list' dialogue showing all certificates on smartcard.

Is it possible to allow multiple smart cards to unlock the database? I'm trying to set this up at work where we have multiple people that access one database, but I can only seem to add just the one smart card.

(Also, just as a side note, this plugin is working perfectly with NHS Identity Service smart cards.)

Hey, I'm currently using this plugin for myself and it works well, thanks! I was wondering whether I could encrypt a KeePass database for multiple keys? So that I could share a database with colleagues and they could all encrypt/decrypt it with their own smart card?

Hi, thanks your work in the great plugin. We want to secure the keepass-database with Active-Directory certificates. Its al workink well. But, they are valid for 2 years. what happens, when the certificate is expired and did not do anything? THANKS

Thanks for this great plugin, but it does not support ecc certificate yet.
Is this possible & any plan?

Hi,
I tried to do the best thing and upload the same certificate to more Yubikeys. But opening the database with the backup key is not working, KeePass says:

Selected certificate can't be used!
Reason: At least on the of the given parameters can't be interpreted correctly.

There's no other messages, details, nothing. I have a Yubikey 5C Nano and a Yubikey 5C NFC. I generated the certificate on the Nano, exported it then imported to the NFC model into the same slot. Windows doesn't show any difference between the certificates, when the selector pops up, I can see the same. After typing the PIN, I get access to the certificate but KeePass / the plugin doesn't accept/work with it.

Hello,

I locked my yubi so i had to reset it.

I exported the cert before that.

After the reset, I reimported the cert but it's impossible to open my database anymore...
Because of a private key problem?

Is there any way to open my database by overriding the key auth?

Im not sure if this project is maintained anymore but is there any chances of getting it compatible with the latest release?

Thank you for this plugin, it does a great job allowing me to only remember my smart card's PIN and not another long passphrase ;)
I have multiple cettificates available on the smartcard and in windows' store; when I choose the right one at the prompt everything goes well, I can unlock the database and use it; and if I lock it I can unlock it later without choosing the cert again.
However If I close the application, I need to select the correct certificate again at launch. It would be nice if the associated certificate was remembered also between launches.

Hello, tnx for developing this plugin!

I'm trying to use it to encrypt KeePass db using a self-signed digital id stored on a smartcard.

I'm using Omnikey 3021 to read the sc and SafeSign Token Administration Utility to manage it. I used openssl following to https://www.scottbrady91.com/openssl/creating-rsa-keys-using-openssl to create the digital id (pfx) and successifully imported it to the sc.

But when I go on Browse certificate store, the sc is read (it blinks 3 times) but PIN isn't requested and the Windows Security dialog opens saying no certificate is available.

For testing, I also followed https://www.sonicwall.com/support/knowledge-base/how-can-i-import-certificates-into-the-ms-windows-local-machine-certificate-store/170504615105398/ to import the certificate do Windows local store. I imported it to Current User and then it was found.

Might I be doing anything wrong? Maybe Omnikey isn't supported?

See if it can be modified to support TPM-VSCs (documentation: https://download.microsoft.com/download/5/A/B/5ABDDED2-F56E-427D-88C1-411EA0DBFF42/Understanding%20and%20Evaluating%20Virtual%20Smart%20Cards.docx ) in the future