multiple certificates on a smartcard?

Discussion in 'Server Security' started by JB Fields, Oct 15, 2004.

  1. JB Fields

    JB Fields Guest

    Can a smartcard hold more than one certificate? Can the same card be used
    to log on to multiple accounts?
     
    JB Fields, Oct 15, 2004
    #1

  2. JB Fields

    Miha Pihler Guest

    Hi,

    Smart cards can hold as many certificates as there is storage on the card.
    The only problem is, the certificate that is used for smart card logon must
    be in first slot (first place) on the card. If it is not and e.g. only
    "Secure E-mail" certificate is in first slot, logon will fail. Other than
    this, you can have smart card logon certificate in first slot, and signing
    certificate in second and encrypting on third, authenticating certificate on
    fourth, etc...

    This is because the authentication process on logon windows can't display
    the list of certificates on smart card to choose with which you want to
    log on.
    Kind of related is also the reason why you can't use certificate on smart
    card for EFS (private key used for EFS must be stored on hard drive)...

    I heard somewhere that this will change in next version of Windows... (I
    guess we will see -- I heard same thing about Windows 2003 some time before
    it was released).

    Mike
     
    Miha Pihler, Oct 15, 2004
    #2

  3. JB Fields

    PK Guest

    Isn't it so that the last added certificate will be considered to be "in the
    first slot"?

    -
    PK
    -
     
    PK, Oct 21, 2004
    #3
  4. JB Fields

    Miha Pihler Guest

    I believe this would depend on CSP (Certificate Service Provider) -- but it
    appears that most of them work in the way you describe.

    On some smart cards (depends on CSP and management tools) you can even
    change the position of certificate...

    Mike
     
    Miha Pihler, Oct 21, 2004
    #4
  5. JB Fields

    Miha Pihler Guest

    CSP = cryptographic service provider ...

    Mike

    <snip>
     
    Miha Pihler, Oct 21, 2004
    #5