Smart Card Enrollment

A certificate solution based on smart cards requires a Windows CE Cryptographic Service Provider (CSP) for the specific type of smart card. A typical smart card CSP fulfills the following requirements:

  • Exposes a CSP interface compatible with the Microsoft RSA provider (RSAENH.DLL).
  • Uses the smart card to help protect private keys.
  • Uses the smart card to perform private key operations such as key exchange and digital signing.
  • Restricts access to private key operations with a user-supplied PIN.
  • Optionally, saves the user certificate on the smart card, by implementing the KP_CERTIFICATE key property. This capability allows the smart card to be used on a different machine.

Smart card certificate enrollment can be done from either a Windows-based desktop computer or a Windows CE device using a tool like Enroll.exe. You should save the certificate to the smart card if possible. On first use, the Windows CE device should extract the certificates stored on the smart card and save them to the local system store for use by applications. The Windows CE certificate control panel utility is capable of performing this step.
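The first-use step described above, sketched in C with CryptoAPI as an added example (not Microsoft's sample code): it reads the certificate through KP_CERTIFICATE, sanity-checks the blob, and adds it to a system store. The helper names, the AT_KEYEXCHANGE key, the "MY" store, and the vendor CSP name passed in are assumptions.

```c
#include <stddef.h>

/* Added sanity check for the blob read from the card: it must be one outer
   ASN.1 SEQUENCE whose declared length exactly fills the buffer (1 = ok). */
int der_sequence_fills(const unsigned char *p, size_t n)
{
    size_t len = 0, hdr = 2, i, k;
    if (n < 2 || p[0] != 0x30) return 0;       /* not a SEQUENCE */
    if (p[1] < 0x80) {
        len = p[1];                            /* short-form length */
    } else {
        k = p[1] & 0x7F;                       /* long form: k length bytes */
        if (k == 0 || k > 4 || n < 2 + k) return 0;
        for (i = 0; i < k; i++) len = (len << 8) | p[2 + i];
        hdr = 2 + k;
    }
    return len == n - hdr;                     /* no truncation, no trailing data */
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#include <stdlib.h>

/* cspName is the card vendor's CSP name (deployment-specific assumption).
   Assumes the certificate is attached to the key-exchange key. 1 = imported. */
int import_card_cert(LPCTSTR cspName)
{
    HCRYPTPROV hProv = 0; HCRYPTKEY hKey = 0; HCERTSTORE hStore = NULL;
    BYTE *cert = NULL; DWORD cb = 0; int ok = 0;

    if (CryptAcquireContext(&hProv, NULL, cspName, PROV_RSA_FULL, 0) &&
        CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hKey) &&
        CryptGetKeyParam(hKey, KP_CERTIFICATE, NULL, &cb, 0) &&  /* size query */
        (cert = (BYTE *)malloc(cb)) != NULL &&
        CryptGetKeyParam(hKey, KP_CERTIFICATE, cert, &cb, 0) &&  /* read cert */
        der_sequence_fills(cert, cb) &&
        (hStore = CertOpenSystemStore(0, TEXT("MY"))) != NULL)
        ok = CertAddEncodedCertificateToStore(hStore, X509_ASN_ENCODING,
                 cert, cb, CERT_STORE_ADD_REPLACE_EXISTING, NULL) != 0;

    if (hStore) CertCloseStore(hStore, 0);
    free(cert);
    if (hKey) CryptDestroyKey(hKey);
    if (hProv) CryptReleaseContext(hProv, 0);
    return ok;
}
#endif
```

Only the public certificate is copied to the device; the private key stays on the card and remains gated by the CSP's PIN check.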

See Also

Enrolling for a Certificate | Creating an Enrollment Environment | Configuring Enroll.exe

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.