amiler_scumba at hotmail.com
Tue Feb 14 05:21:45 PST 2006
>Sorry my mistake. Do you really put _certificate_ to hardware token
>leaving private key at disk?
We perform the following steps:

1. Import the .PFX file on the hardware token. Both the certificate and
   private key are imported to the token.
2. Delete the certificate from the local machine. Internet Explorer warns you
   that by deleting it, you will be unable to decrypt any data encrypted with
   this certificate... Internet Explorer removes the certificate from the
   CryptoAPI store, but leaves the private key on the disk (this is a bug!)
3. We then re-insert the smart card into the machine and register the
   certificate with the utility provided by the smart card manufacturer. This
   imports the certificate into the current user store and sets the provider
   info structure to the correct CSP and key container (smart card).

You can repeat step 3 on any other machine you want and you will be able to
use the smart card and the private key stored on the smart card.

If you perform step 3 on the machine which was used to generate the
private key, and you do not use the provider info flag, you will be able to
use the certificate without inserting the card. It looks like CryptoAPI
tries very hard to find the matching key ;--)
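An added example, not part of the original message: a PowerShell check that reads the key provider info property (the "provider info structure" mentioned above) for each certificate in the current user store, so you can confirm whether a certificate is bound to the smart card CSP or to a software key on disk. The function name `Get-CertKeyBinding` and the helper class `KeyProv` are hypothetical names chosen for this example; the Win32 call and structure are the standard CryptoAPI ones.

```powershell
# Added example: show which CSP and key container each certificate points to.
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class KeyProv {
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct CRYPT_KEY_PROV_INFO {
        public string pwszContainerName;
        public string pwszProvName;
        public uint dwProvType;
        public uint dwFlags;
        public uint cProvParam;
        public IntPtr rgProvParam;
        public uint dwKeySpec;
    }
    [DllImport("crypt32.dll", SetLastError = true)]
    public static extern bool CertGetCertificateContextProperty(
        IntPtr pCertContext, uint dwPropId, IntPtr pvData, ref uint pcbData);
}
'@

$CERT_KEY_PROV_INFO_PROP_ID = 2   # value from wincrypt.h

function Get-CertKeyBinding {
    param([string]$StorePath = 'Cert:\CurrentUser\My')
    $marshal = [Runtime.InteropServices.Marshal]
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $row = [ordered]@{ Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
                           Provider = $null; Container = $null }
        $size = [uint32]0
        # First call only asks for the size; it fails when the property is absent.
        if ([KeyProv]::CertGetCertificateContextProperty($cert.Handle, $CERT_KEY_PROV_INFO_PROP_ID, [IntPtr]::Zero, [ref]$size)) {
            $buf = $marshal::AllocHGlobal([int]$size)
            try {
                # Second call copies the structure (and its strings) into $buf.
                if ([KeyProv]::CertGetCertificateContextProperty($cert.Handle, $CERT_KEY_PROV_INFO_PROP_ID, $buf, [ref]$size)) {
                    $info = $marshal::PtrToStructure($buf, [type][KeyProv+CRYPT_KEY_PROV_INFO])
                    $row.Provider  = $info.pwszProvName
                    $row.Container = $info.pwszContainerName
                }
            } finally { $marshal::FreeHGlobal($buf) }
        }
        [pscustomobject]$row   # empty Provider/Container: no provider info set
    }
}

Get-CertKeyBinding | Format-Table -AutoSize
```

A row whose Provider is a software CSP rather than the card vendor's CSP, or whose Provider is empty, is a certificate that is not explicitly bound to the token on that machine.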