OpenSC initialized cards with a Dekart Format


mphill
September 20th, 2006, 16:47
I have formatted some Cryptoflex 32K cards with OpenSC since OpenSC is open source and available under both Windows and Linux. I was given the task of getting a smart card to allow a user to login under its own resources (NO Domain Controller). It seems everyone out there just expects you to have a Windows 2003 CA. Anyways, I took my OpenSC formatted cards and then formatted with Dekart. The card still works for the OpenSC application, and all the other certificates work! I am rather confused. Does Dekart format in a non-destructive way on an isolated part of the smart card? Are the password and login stored on the machine and all the Dekart software does is make sure the card can be unlocked? Could someone please explain this in greater detail.



Thanks!

Alex Railean
September 20th, 2006, 18:28
Hi, that kind of behaviour is correct. The cause of that is the fact that we designed our product to be "alien-software-friendly", i.e. we won't use a smart card or token exclusively, which makes it possible to use the same key for more than one purpose (ex: one for Dekart software, and something else provided by a different non-Dekart program).

So not only is it natural that multiple Dekart applications can share the same smart card, but our data can also co-exist on a card / token with programs coming from a different vendor.


The format procedure (carried out by the Key Formatting Utility) will not overwrite the contents of the smart card, it will simply use the available free space and create the directory in which the data are stored. 'Format' is probably not the right word to use, perhaps 'Initialize' would be more appropriate.


The only condition is to Dekart-format the card after another application's format procedure, because others may not be "alien-software-friendly", and will delete Dekart data along with anything else that resides on the smart card.


So, what you see is not a bug, it's a feature that works.

mphill
September 21st, 2006, 18:11
Thank you for your prompt response. I have one more question. Where is the data stored? Is there an X.509 certificate or private key stored on the card that contains the login and password? Are there any utilities to view this information? Does the Windows registry contain any login or password information?

Also, does Dekart do bulk license discounts?

thanks,

Michael Phillips

Alex Railean
September 21st, 2006, 18:44
Michael,

The data are stored on the smart card or token. You can leave the certificate in the system, but the keys will be migrated to the smart card; you can move the certificate to the card as well (if you don't wish to leave any traces on the system). This is valid if the discussion takes place in the context of Dekart RSA Cryptographic Provider (http://www.dekart.com/products/secure_emailweb/dekart_rsa_cryptographic_provider/).

If you refer to the other Dekart programs that can use tokens or smart cards (ex: Private Disk Multifactor, or Secrets Keeper), then the principle is the same - all the keys are stored on the smart card, and copies cannot be found elsewhere.

Does the Windows registry contain any login or password information?
In any case, we never store the keys in the Windows registry.


Are there any utilities to view this information?
Yes, you can use Key Manager (http://www.dekart.com/products/card_management/key_manager/), and you will obviously need to know the right PIN in order to view the information. Key Manager allows you to make encrypted backups of a smart card, or copy it to another smart card or token.


Also, does Dekart do bulk license discounts?
Yes, I'll ask someone from sales to send you an email with the details.