Re: EFS and Smart Card

From: Ling Tang (ltang7_at_hotmail.com)
Date: 07/31/03


Date: Thu, 31 Jul 2003 09:50:06 +0800


Could you briefly outline what are the 12 others that limit usage of smart
card in EFS?
I find it difficult to understand the limitation, even after reading the link
you posted. Maybe I need to read further in the related link. However I
would appreciate if you can summarize the reasons.

Thanks,
Ling
"David Cross [MS]" <dcross@online.microsoft.com> wrote in message
news:%23Eio9UpVDHA.2364@TK2MSFTNGP09.phx.gbl...
> Yes, this is one of the major reasons and there are about 12 others. Please
> take our word as authoritative on this subject. We would like to support
> this functionality in the future.
>
> http://www.microsoft.com/WindowsXP/pro/techinfo/administration/recovery/default.asp
>
> --
>
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> http://support.microsoft.com
>
> "John Banes [MS]" <jbanes@online.microsoft.com> wrote in message
> news:eTcc1GfVDHA.2288@TK2MSFTNGP12.phx.gbl...
> > EFS is mostly implemented in the lsass.exe process, which doesn't directly
> > have access to the user desktop. So when the smartcard CSP attempts to
> > display its PIN dialog box, the calling thread hangs forever. So to support
> > smartcards, some extra code would need to be written to obtain the PIN ahead
> > of time and plumb it down to the lsass.exe process. There may be additional
> > reasons, but this is what comes to mind.
> >
> > Regards,
> >
> > John Banes
> > [Microsoft Security Developer]
> >
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> > Please do not send email directly to this alias. This alias is for newsgroup
> > purposes only.
> >
> > "Ling Tang" <ltang7@hotmail.com> wrote in message
> > news:OwFzorWVDHA.1316@TK2MSFTNGP12.phx.gbl...
> > > Thanks David and again Mike. I noticed these questions have been discussed
> > > for several times, but since I still got different answer from different
> > > parties. I guess properly because they quoted from different white paper.
> > >
> > > I am still very curious why EFS does not support smart card. If I replace
> > > the default CSP (MS Base Cryptographic Provider) with my own smart card CSP
> > > which implement according to the spec, I can't understand why this does not
> > > work.
> > >
> > > Cheers,
> > > Ling
> > > "David Cross [MS]" <dcross@online.microsoft.com> wrote in message
> > > news:eOfxOJQVDHA.2224@TK2MSFTNGP09.phx.gbl...
> > > > I will try to get the windows 2000 paper corrected: EFS does not support
> > > > smartcards currently and will not work with smartcards in current versions
> > > > of Windows.
> > > >
> > > > --
> > > >
> > > >
> > > > David B. Cross [MS]
> > > >
> > > > --
> > > > This posting is provided "AS IS" with no warranties, and confers no rights.
> > > >
> > > > http://support.microsoft.com
> > > >
> > > > "Miha Pihler" <miha.pihler@Atlantis-N0Spam.si> wrote in message
> > > > news:%23VWRu5OVDHA.2004@TK2MSFTNGP10.phx.gbl...
> > > > > Hi,
> > > > >
> > > > > this question has been asked quite a few times on last Tech-Ed in Dallas
> > > > > and even before on one of T-Preps that I was attending. Answer was always
> > > > > no. I am not sure why at this moment. I will have to check some of my notes.
> > > > >
> > > > > File System. Here is
> > > > > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/support/DataProt.asp
> > > > > a white paper on Data Protection and Recovery on WinXP. Microsoft here
> > > > > states:
> > > > > "Smart card-based certificates and keys are not currently supported with the
> > > > > Encrypting"
> > > > >
> > > > > I am sorry I can't give more details at the moment, but I will look into
> > > > > it...
> > > > >
> > > > > --
> > > > > Mike
> > > > > MCSA 2K, MCSE 2K, MCT, ...
> > > > >
> > > > > "Ling Tang" <ltang7@hotmail.com> wrote in message
> > > > > news:u4cK7gOVDHA.2368@TK2MSFTNGP09.phx.gbl...
> > > > > > Thanks Mike, but it is mentioned in the white paper from Microsoft that EFS
> > > > > > does support smart card.
> > > > > >
> > > > > > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/deploy/nt5efs.asp
> > > > > >
> > > > > > Besides, do you have any idea why it does not support smart cards. From my
> > > > > > limited knowledge, EFS always make use of CryptoAPI, so as long as the CSP
> > > > > > support smart card, it should has no big difficulty in usage of smart card
> > > > > > in EFS... please comment and elaborate.
> > > > > >
> > > > > > Thanks,
> > > > > > Ling
> > > > > >
> > > > > > "Miha Pihler" <miha.pihler@Atlantis-N0Spam.si> wrote in message
> > > > > > news:uMjs$lNVDHA.1368@TK2MSFTNGP11.phx.gbl...
> > > > > > > Hi Ling,
> > > > > > >
> > > > > > > it is not possible to use EFS with Smart Cards... Microsoft was thinking
> > > > > > > about this for Windows 2003 server, but it is still not supported and it
> > > > > > > will not work...
> > > > > > >
> > > > > > > --
> > > > > > > Mike
> > > > > > > MCSA 2K, MCSE 2K, MCT, ...
> > > > > > >
> > > > > > > "Ling Tang" <ltang7@hotmail.com> wrote in message
> > > > > > > news:%23Sh5PYNVDHA.2104@TK2MSFTNGP10.phx.gbl...
> > > > > > > > I found different comment on support of smart card or other hardware token
> > > > > > > > in Encrypting File System (EFS). May be they are referring to different
> > > > > > > > version of windows or based on some assumption. May I be excused to ask the
> > > > > > > > same question again. And I would appreciate if you can provide pointers of
> > > > > > > > information on your comment about whether EFS supports usage of smart card.
> > > > > > > > I know a few article that have high level description on whether EFS can
> > > > > > > > support hardware token, but it is not detail or technical enough. It will be
> > > > > > > > grateful if you have pointers to some really technical articles about EFS
> > > > > > > > with smart card.
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > Ling
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>


