Note: Forums will be making significant UX changes to address key usability improvements surrounding search, discoverability and navigation. To learn more about these changes please visit the announcement which can be found HERE.

TechCenter >

Previous Versions of Exchange Forums >

Exchange Previous Versions - Mail Flow and Secure Messaging >

Does MS Outlook collect PIN for smartcard during digital signing of email?

Does MS Outlook collect PIN for smartcard during digital signing of email?

Wednesday, November 16, 2011 12:25 AM

0

Question: Does MS Outlook prompt for the PIN for smartcard during digital signing of email, or does CAPI or the CSP prompt for the PIN? This is in lieu of internal security of the PIN.

I'll appreciate a quick response. Thanks.
- Reply
- Quote

All Replies

Thursday, November 17, 2011 8:13 AM

0
Hi,

Please understand that a smart card adds a level of integrity to secure email applications because it stores the private key on the card, protected by a PIN. In order to compromise the private key and send signed email as someone else, someone would have to obtain the user’s smart card and the PIN. The PIN could someday be replaced with a biometric template of the user’s fingerprint, thus enhancing the non-repudiation aspects of digitally signed email.

Understanding Digital Certificates

http://technet.microsoft.com/en-us/library/bb123848(EXCHG.65).aspx

Xiu
- Edited by Xiu Zhang - MSFT Thursday, November 17, 2011 8:15 AM
- Reply
- Quote
Friday, November 18, 2011 8:47 PM

0

Xiu,

I understand. Can you answer the question whether Outlook does the fetching of the PIN or if the PIN request is passed via CAPI? When PIN is cached by CSP, is it encrypted so that a rogue application cannot get it in plaintext? This brings the question of whether Outlook has the PIN also in plaintext.

Thanks for your reply.

JA.
- Reply
- Quote

Frequently asked questions - Forums help