[xmlsec] xmlSecMSCryptoKeyDataAdoptCert

Amiler Scumba amiler_scumba at hotmail.com
Tue Feb 14 05:21:45 PST 2006

>Sorry my mistake. Do you really put _certificate_ to hardware token
>leaving private key at disk?

We perform the following steps:
Import the .PFX file on the hardware token.  Both the certificate and 
private key are imported to the token.

Delete the certificate from the local machine. Internet explorer warns you 
the them deleting, you will be unable to decrypt any data encrypted with 
this certificate... The Internet Explorer removes the certiricate from 
CryptoApistore, but leavs the private key on the disk (this is a bug!)

We then re-insert the smart card into machine. And Register certificate with 
the utility provided by the smart card maufacturer. This imports the 
certificate in current user store and set the provider info structure to the 
correct CSP and key container (smart card).

You can repeat step 3 on any other machine you want and you will be able to 
use the smart card and the private key stored on the smart card.

If you perform the step 3 on the machine which was used to generate the 
private key, and you do not use the provider info flag, you will be able to 
use the certificate without inserting the card. It looks like cryptoapi 
tries very hard to find the maching key ;--)


Express yourself instantly with MSN Messenger! Download today it's FREE! 

More information about the xmlsec mailing list