Smart Card Enrollment (Windows Embedded CE 6.0)

1/6/2010

A certificate solution based on smart cards requires a Windows Embedded CE Cryptographic Service Provider (CSP) for the specific type of smart card. A typical smart card CSP fulfills the following requirements:

  • Exposes a CSP interface compatible with the Microsoft RSA provider (RSAENH.DLL).
  • Uses the smart card to help protect private keys.
  • Uses the smart card to perform private key operations such as key exchange and digital signing.
  • Restricts access to private key operations with a user-supplied PIN.
  • Optionally saves the user certificate on the smart card by implementing the KP_CERTIFICATE key property. This capability allows the smart card to be used on a different machine.

Smart card certificate enrollment can be done from either a Windows-based desktop computer or a Windows Embedded CE device using a tool like Enroll.exe. You should save the certificate to the smart card if possible. On first use, the Windows Embedded CE device should extract the certificates stored on the smart card and save them to the local system store for use by applications. The Windows Embedded CE certificate control panel utility is capable of performing this step.
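The first-use step described above can also be done in application code. The following is an added example, not code from this documentation: it reads the certificate through KP_CERTIFICATE and adds it to the current user's MY store. It assumes a UNICODE build; the provider name `CARD_CSP` and the function name `import_card_certificate` are placeholders, and the container name is the one used at enrollment.

```c
/* Added example, not Microsoft's code. Assumes a UNICODE build, as on Windows
 * Embedded CE. CARD_CSP stands in for the name the card vendor registers. */
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#define CARD_CSP L"Example Smart Card CSP"   /* hypothetical provider name */

/* Copies the certificate stored with the key pair in `container` into the
 * current user's MY store. Returns 0 on success, else a nonzero error code. */
int import_card_certificate(LPCWSTR container, DWORD keySpec)
{
    HCRYPTPROV prov = 0; HCRYPTKEY key = 0; HCERTSTORE store = NULL;
    PCCERT_CONTEXT cert = NULL; BYTE *der = NULL; DWORD len = 0;
    CRYPT_KEY_PROV_INFO info; int rc = 0;

    if (!CryptAcquireContext(&prov, container, CARD_CSP, PROV_RSA_FULL, 0) ||
        !CryptGetUserKey(prov, keySpec, &key) ||
        /* The first call only reports the size of the encoded certificate. */
        !CryptGetKeyParam(key, KP_CERTIFICATE, NULL, &len, 0) ||
        (der = (BYTE *)LocalAlloc(LPTR, len)) == NULL ||
        !CryptGetKeyParam(key, KP_CERTIFICATE, der, &len, 0) ||
        (cert = CertCreateCertificateContext(X509_ASN_ENCODING, der, len)) == NULL)
        goto fail;
    /* Record which CSP and container hold the private key, so applications
     * that pick this certificate from the store can reach the key on the card. */
    ZeroMemory(&info, sizeof info);
    info.pwszContainerName = (LPWSTR)container;
    info.pwszProvName = (LPWSTR)CARD_CSP;
    info.dwProvType = PROV_RSA_FULL;
    info.dwKeySpec = keySpec;            /* AT_KEYEXCHANGE or AT_SIGNATURE */
    if (!CertSetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, 0, &info) ||
        (store = CertOpenSystemStore(0, L"MY")) == NULL ||
        !CertAddCertificateContextToStore(store, cert, CERT_STORE_ADD_REPLACE_EXISTING, NULL))
        goto fail;
    goto done;
fail:
    rc = (int)GetLastError(); if (rc == 0) rc = -1;
done:
    if (cert) CertFreeCertificateContext(cert);
    if (store) CertCloseStore(store, 0);
    if (der) LocalFree(der);
    if (key) CryptDestroyKey(key);
    if (prov) CryptReleaseContext(prov, 0);
    return rc;
}
#else  /* CryptoAPI is Windows-only; elsewhere the file still builds. */
int import_card_certificate(const void *container, unsigned long keySpec)
{ (void)container; (void)keySpec; return -1; }
#endif
```

Only the certificate is copied to the device; the private key stays on the card and is reached through the stored provider information.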

See Also

Other Resources

Certificates OS Design Development