Please understand that a smart card adds a level of integrity to secure email applications because it stores the private key on the card, protected by a PIN. In order to compromise the private key and send signed email as someone else, someone would have to obtain the user’s smart card and the PIN. The PIN could someday be replaced with a biometric template of the user’s fingerprint, thus enhancing the non-repudiation aspects of digitally signed email.
I understand. Can you answer the question of whether Outlook does the fetching of the PIN or if the PIN request is passed via CAPI? When the PIN is cached by the CSP, is it encrypted so that a rogue application cannot get it in plaintext? This brings up the question of whether Outlook has the PIN also in plaintext.