"Mansey, Jon" schrieb: > > More of a general CA or PKI question, but has anyone experience using a USB > key dongle drive to carry personal private keys around between workstations?
Yes, we tested it with Win2000 and it works (Rainbow iKey 2000). > This would appear to work in principle, but the issue is that the key must > be imported for Windows/IE to use it. This is only correct if you don't use the CSP from the USB-token to generate the key and create the request. > Thus when the "key" is removed, the > imported key is still installed and must be removed to prevent the cert > being used on that machine. This is correct if you don't generate the key with the CSP of the USB-token. > Is there a way to have the private key actually > read off the usb drive? Do you mean the CSP for Microsofts CAPI? Normally every crypto token for Microsoft products comes with a CSP (Crypto Service Provider). This driver is used by every CAPI-enabled software to access the keys on the token. Internet Explorer is such a software. Best Regards Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ------------------------------------------------------- This sf.net email is sponsored by: Jabber - The world's fastest growing real-time communications platform! Don't just IM. Build it in! http://www.jabber.com/osdn/xim _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
