Microsoft KB Archive/295766

= Smart Cards Do Not Support Strong Private Key Protection =

Article ID: 295766

Article Last Modified on 2/28/2007


== APPLIES TO ==


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Advanced Server




This article was previously published under Q295766





== SUMMARY ==
This article describes why smart cards do not support the strong private key protection functionality.



== MORE INFORMATION ==
When you use the strong private key protection functionality, you are forced to enter your password each time the private key is accessed. This functionality guarantees that a private key cannot be used without your knowledge and agreement. This functionality is not supported by the Microsoft smart card cryptographic service providers (CSPs).

Strong private key protection is controlled by a flag on the key store that is managed by the CryptoAPI. To implement strong private key protection, the CSP must read the flag and prompt you each time the key store is accessed. By default, the Microsoft, Gemplus, and Schlumberger smart card CSPs instead cache the personal identification number (PIN) until either the card is removed from the smart card reader or the program is shut down. If you want to be prompted each time the smart card is used, you must remove the smart card after each private key operation.


© Microsoft Corporation. All rights reserved.