Don Isenor

I created a PKCS10 certificate and installed it into my Windows XP key store using the Windows wizard. I installed it with "strong private key protection" and "high" security level, which should cause Windows to prompt me for a password every time the certificate is used. When I use the certificate to digitally sign outgoing email, I am indeed prompted for the password.

Then I issued myself an X509 certificate-based infocard using that certificate's thumbprint. When I use the infocard in a CardSpace login, there is no prompt for a password, no OK button, no nothing -- yet the certificate is loaded into the RST message and sent to the STS. Is this a bug, a feature, or am I doing something wrong?


Re: Windows CardSpace (InfoCard) certificate-backed infocard not prompting for password

Don Isenor

Never mind... I think the problem is that the password is protecting the private key, not the certificate. Because the RST isn't being signed (see http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1411268&SiteID=1), the private key isn't being accessed, so there's no password prompt.




Re: Windows CardSpace (InfoCard) certificate-backed infocard not prompting for password

Toland Hon - MSFT

Interesting...

I've played with this scenario before and it has indeed prompted me for my password.

Can you try deleting this certificate (backing it up first of course) and see if your card is still usable? I just want to confirm that there isn't a 2nd copy somewhere where CardSpace is retrieving the key information from.

I do know that in the case for smartcards, your credentials are cached in the service until either you remove your smartcard or stop the service.

//Toland




Re: Windows CardSpace (InfoCard) certificate-backed infocard not prompting for password

Don Isenor

Deleting the certificate does render the card unusable, yes. But as I said, the reason it's not asking for the password is (I think) because the password is protecting the private key, and the private key is not being used (because the RST isn't being signed).




Re: Windows CardSpace (InfoCard) certificate-backed infocard not prompting for password

Don Isenor

Problem solved... fixing my security policy caused CardSpace to sign the RST, and now it prompts me for the private key password. Thanks to dandrievsky for the fix.
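
The distinction this thread arrives at (the password guards the private key, not the certificate) can be observed outside CardSpace. The following is an added example, not code from the thread or from CardSpace: it reads a certificate's public data and then performs a signature with its private key. The thumbprint is a placeholder, the payload is constructed, and .NET Framework 4.6 or later is assumed.

```powershell
# Added illustration (not from the thread).
# Assumption: replace the placeholder with the thumbprint of a certificate in
# CurrentUser\My that was imported with strong private key protection.
param([string]$Thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>')

$ns = 'System.Security.Cryptography'
$cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop

# Step 1: public material only. Reading the encoded certificate (what is
# embedded in an unsigned message) never touches the private key.
$der = $cert.RawData
'Subject       : {0}' -f $cert.Subject
'DER length    : {0} bytes' -f $der.Length
'HasPrivateKey : {0}' -f $cert.HasPrivateKey

# Step 2: a private key operation. With strong protection enabled, the
# Windows key-protection prompt, if any, appears during this step.
$data = [System.Text.Encoding]::UTF8.GetBytes('constructed sample payload')
$hash = [System.Security.Cryptography.HashAlgorithmName]::SHA256
$pad  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
$ext  = [type]"$ns.X509Certificates.RSACertificateExtensions"

try {
    $priv = $ext::GetRSAPrivateKey($cert)
    if ($null -eq $priv) { throw 'No RSA private key for this certificate.' }
    $sig = $priv.SignData($data, $hash, $pad)
    'Signature     : {0} bytes' -f $sig.Length
}
catch [System.Security.Cryptography.CryptographicException] {
    # Raised, for example, when the prompt is cancelled or the password is wrong.
    'Private key access failed: {0}' -f $_.Exception.Message
    return
}

# Step 3: verification uses the public key again, so no prompt is involved.
$pub = $ext::GetRSAPublicKey($cert)
'Verified      : {0}' -f $pub.VerifyData($data, $sig, $hash, $pad)
```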