I have client certificates created with CNG keys with provider "Microsoft Platform Key Provider". The CNG key has a password with strong key authentication using the CNG parameter NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG.
I am trying to use the certificate for a TLS connection, and inside my SChannel client implementation I am getting the PIN prompt during the handshake, which is normal.
To avoid the PIN prompt I tried to set the PIN on the certificate context using the following code template as described in this link: "Windows C++ crypto API: how to disable pin code UI for smart card". I made sure to use CRYPT_ACQUIRE_CACHE_FLAG | CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG in the method to retrieve the HCRYPTPROV_OR_NCRYPT_KEY_HANDLE and set the PIN by setting the property NCRYPT_PIN_PROPERTY. Thus the same NCrypt key will be opened in future for the same certificate context where the PIN is set.
The certificate context is provided to SCHANNEL_CRED which is passed to AcquireCredentialsHandle(). But I see AcquireCredentialsHandle() is opening a new object of the NCrypt Key from the certificate context and finally the PIN is again asked during the handshake procedure.
My goal is to avoid this PIN prompt during handshake as I would provide it programmatically. I would be very thankful if somebody can help me with this.