|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Relative Security Provided by Cached Domain Credentials?
From: Nicolas RUFF (lists) (ruff.lists
edelweb.fr)
Date: Wed May 26 2004 - 12:14:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> I have seen mentioned the use of smartcards for efs certificates in this
> thread a couple of times.
>
> Although it would be nice in theory it was my understanding that this cannot
> be used at present because not thought about in the efs API, so during
> decreption or encryption for that matter only the personal certificate store
> is checked for a key, not any smartcard related stuff.
>
> At least that is what I understood about efs and smartcards.
> Has any of you actually tested the smartcard solution, or it this how you
> would theoratically handle it?
Hello,
I do not have any personal experience of EFS + SmartCards. I guess it would work because of the
CryptoAPI abstraction between applications and certificate stores, but I won't take it for granted
because Microsoft documentation contradicts from one source to another.
However I managed to get the following combo working : SmartCard + USB Token Reader + Windows 2003
Domain Controller + Windows XP Client + "SmartCard User" certificate. This certificate has been
successfully used for Domain Logon, Mail Encryption and Mail Signature.
Hope it helps.
Regards,
- Nicolas RUFF
-----------------------------------
Security Consultant
EdelWeb (http://www.edelweb.fr/)
-----------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]