Windows PKI for logon and EFS


zulu
November 15th, 2005, 11:26
Hello, I am new to Smart Cards and I would be very grateful if you could answer my questions.

I want to use Windows PKI to generate certificates for logon and EFS. These may also be used for authenticating e-mail etc.

Would it be possible to install these certificates onto smart cards, and if the answer is yes then how can one go about it? From the little that I managed to understand (I apologise for my limited understanding), I would need to purchase the Dekart software to manage the certificates. I can understand that I will need to use some software to write the certificates onto smart cards, but apart from that, can I just manage the certificates from the Windows 2003 server?

I am required to deploy in remote geographical areas and need to implement the Windows 2003 CRLs. If I understood correctly, then the CRL function is entirely dependent on the server that is the policy manager, and as such the smart card should not affect this in any way.

Also does the smart card incorporate any protection/encryption of the data on the smart card, as I am worried that should a smart card reader and smart card fall into the hands of an unauthorised person he may be able to use the smart card (I know that you have to have the pin code) or maybe worse duplicate it without the user realising it?

I thank you in advance and look forward to receiving your response as I am nearing my deployment dates and am looking for a good, sensibly priced solution.

Alex Railean
November 15th, 2005, 12:57
zulu, the product you should take a look at is Dekart RSA Cryptographic Provider (http://www.dekart.com/products/secure_email&web/rsa_cryptographic_provider/).

It allows you to store certificates on various equipment, such as smart cards, tokens or USB thumbdrives [or other flash-memory devices, like an iPod or a digital camera].


I am required to deploy in remote geographical areas and need to implement the Windows 2003 CRLs. If I understood correctly, then the CRL function is entirely dependent on the server that is the policy manager, and as such the smart card should not affect this in any way.
You're correct: the fact that smart cards store the certificates will not change anything. The Cryptoprovider transparently integrates into the system, and any applications which use the standard Windows cryptographic mechanisms will interact with our solution without realizing it.

Additional information you'll probably need: the list of supported smart card equipment (http://www.dekart.com/products/supported_devices/). But during your experiments you can use an ordinary flash disk.

Also does the smart card incorporate any protection/encryption of the data on the smart card, as I am worried that should a smart card reader and smart card fall into the hands of an unauthorised person he may be able to use the smart card (I know that you have to have the pin code) or maybe worse duplicate it without the user realising it?
Smart cards and tokens are PIN-protected; an invalid PIN entered more than a certain number of times will block the card, and its contents become unavailable. Therefore this protection is rather strong, making sure that brute-forcing is not applicable. The PIN is also needed if you wish to duplicate the card.



Dekart RSA Cryptographic Provider is not available on our public ftp server, but I can email it to you. Send me a private message with your address and I'll send you the distribution (just don't type your email in plain-text on the forum, to keep the spammers away).
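As an added illustration of the PIN retry counter described in the reply above (a constructed model added to this thread, not Dekart's code and not any real card's firmware; the three-try budget, the hashed PIN store and the HMAC stand-in for the on-card private-key operation are assumptions), the following shows why a short numeric PIN is acceptable on a card: the retry counter, not the PIN length, bounds how many guesses an unauthorised holder gets, and the same PIN gate protects the key material needed to duplicate the card.

```python
# Constructed model of a PIN-protected smart card with a retry counter.
# Added for illustration; not Dekart's code or a real card's firmware.
import hashlib
import hmac
import secrets

MAX_RETRIES = 3  # assumed retry budget; real cards set this at personalisation


class CardBlockedError(Exception):
    """Raised once the retry counter is exhausted; the card is unusable."""


class SmartCard:
    def __init__(self, pin: str, retries: int = MAX_RETRIES) -> None:
        # Real cards keep PIN and private key in tamper-resistant memory;
        # here the PIN is a salted hash and the key a random secret (stand-ins).
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._digest(pin)
        self._key = secrets.token_bytes(32)  # never leaves the card unlocked
        self.max_retries = retries
        self.retries_left = retries
        self._verified = False

    def _digest(self, pin: str) -> bytes:
        return hashlib.sha256(self._salt + pin.encode()).digest()

    @property
    def blocked(self) -> bool:
        return self.retries_left == 0

    def verify_pin(self, pin: str) -> bool:
        """One PIN attempt: a wrong PIN consumes one retry; the correct PIN
        unlocks the card for this session and resets the counter."""
        if self.blocked:
            raise CardBlockedError("retry counter exhausted; card blocked")
        if hmac.compare_digest(self._digest(pin), self._pin_hash):
            self.retries_left = self.max_retries
            self._verified = True
            return True
        self.retries_left -= 1
        self._verified = False
        return False

    def sign(self, data: bytes) -> bytes:
        """Stand-in for an on-card private-key operation (HMAC here).
        Refused unless a PIN has been verified in this session."""
        if not self._verified:
            raise PermissionError("PIN not verified")
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def export_for_duplication(self) -> bytes:
        """Duplicating a card needs its key material, which the card releases
        only after PIN verification (the 'PIN needed to duplicate' point)."""
        if not self._verified:
            raise PermissionError("PIN not verified")
        return self._key


def worst_case_guess_success(pin_digits: int, retries: int) -> float:
    """Upper bound on the chance that someone without the PIN unlocks a card
    with a uniformly random numeric PIN before the retry counter blocks it."""
    return retries / (10 ** pin_digits)


def attempts_accepted(card: SmartCard, candidates) -> int:
    """Lockout check for a token under evaluation: present candidate PINs
    until the card blocks or accepts one; return how many it processed."""
    attempts = 0
    for pin in candidates:
        try:
            accepted = card.verify_pin(pin)
        except CardBlockedError:
            break
        attempts += 1
        if accepted:
            break
    return attempts


if __name__ == "__main__":
    card = SmartCard("1234")
    print("wrong PIN accepted?", card.verify_pin("0000"), "retries left", card.retries_left)
    print("right PIN accepted?", card.verify_pin("1234"), "retries left", card.retries_left)
    print("worst-case success for 4-digit PIN, 3 tries:", worst_case_guess_success(4, 3))
    print("attempts processed before lockout:",
          attempts_accepted(SmartCard("1234"), ["0000", "0001", "0002", "0003", "1234"]))
```

The model makes the reply's point concrete: with a four-digit PIN and a three-try budget the worst-case unlock probability is 3/10000 per card, the card refuses the correct PIN once blocked, and neither signing nor key export is possible without a verified PIN. Note that a card-blocked state requires an unblock (PUK) or reissue procedure on the Windows side, which a remote deployment should plan for.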