Wednesday, November 16, 2011 12:25 AM
Question: Does MS Outlook prompt for the PIN for smartcard during digital signing of email, or does CAPI or the CSP prompt for the PIN? This is in lieu of internal security of the PIN.
I'll appreciate a quick response. Thanks.
Thursday, November 17, 2011 8:13 AM
Please understand that a smart card adds a level of integrity to secure email applications because it stores the private key on the card, protected by a PIN. In order to compromise the private key and send signed email as someone else, someone would have to obtain the user’s smart card and the PIN. The PIN could someday be replaced with a biometric template of the user’s fingerprint, thus enhancing the non-repudiation aspects of digitally signed email.
Understanding Digital Certificates
- Edited by Xiu Zhang - MSFT Thursday, November 17, 2011 8:15 AM
Friday, November 18, 2011 8:47 PM
I understand. Can you answer the question whether Outlook does the fetching of the PIN or if the PIN request is passed via CAPI? When PIN is cached by CSP, is it encrypted so that a rogue application cannot get it in plaintext? This brings the question of whether Outlook has the PIN also in plaintext.
Thanks for your reply.