Smart Cards Do Not Support Strong Private Key Protection (295766)



The information in this article applies to:

  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Professional SP1

This article was previously published under Q295766

SUMMARY

This article describes why smart cards do not support the strong private key protection functionality.

MORE INFORMATION

When you use the strong private key protection functionality, you are forced to enter your password each time the private key is accessed. This functionality guarantees that a private key cannot be used without your knowledge and agreement. This functionality is not supported by the Microsoft smart card cryptographic service providers (CSPs).

Strong private key protection is controlled by a flag on the key store that is managed by the CryptoAPI. To implement strong private key protection, the CSP must read the flag and prompt you each time the key store is accessed. By default, the Microsoft, Gemplus, and Schlumberger smart card CSPs cache the personal identification number (PIN) until either the card is removed from the smart card reader or the program is shut down. If you want to be prompted each time the smart card is used, you must remove the smart card after each private key operation.

Modification Type: Minor
Last Reviewed: 1/27/2006
Keywords:kbinfo kbSecurity KB295766