Please understand that a smart card adds a level of integrity to secure email applications because it stores the private key on the card, protected by a PIN. In order to compromise the private key and send signed email as someone else, someone would have to obtain the user’s smart card and the PIN. The PIN could someday be replaced with a biometric template of the user’s fingerprint, thus enhancing the non-repudiation aspects of digitally signed email.
Understanding Digital Certificates
- Edited by Xiu Zhang - MSFT Thursday, November 17, 2011 8:15 AM
I understand. Can you answer the question of whether Outlook does the fetching of the PIN or whether the PIN request is passed via CAPI? When the PIN is cached by the CSP, is it encrypted so that a rogue application cannot get it in plaintext? This brings up the question of whether Outlook also has the PIN in plaintext.
Thanks for your reply.