RSA Encryption softwareSecure LoginDigital IDTerminal LogonLogon for CitrixGeneral issuesSmart cards
 

How to protect your digital certificate with Dekart RSA Cryptoprovider

How to protect your digital certificate with Dekart RSA Cryptoprovider

Introducing Dekart RSA Cryptoprovidersecret key will never be revealed by somebody else.

Dekart RSA Cryptographic Provider goes beyond the functionality of a basic CSP, allowing you to use digital signatures and PKI-based mechanisms without being tied to a single computer. You can migrate your digital certificates to a smart card, token, or a removable disk, and use the digital certificate on another workstation without having to locally install it, not even temporarily. This makes electronic document interchange a quick and safe procedure, protecting you from the risks of identity theft. 

 

 

Windows CSP

Dekart CSP

Digital certificate storage media

Hard disk

Smart card, token, USB flash drive

Digital certificate mobility

Restricted: digital certificate can be exported to a .PFX file and installed on another system

Unrestricted: digital certificates are stored on the flash drive and read directly from it; local copies are not created.

Possibility of cloning a certificate illegally

Yes: one can clone the entire disk on which the CSP stores its data

No: a smart card or token cannot be cloned without knowing the PIN code

Potential dangers

Yes: digital certificate imported on another system can be forgotten there, thus used by somebody else

None: digital certificates are never stored, nor cached on the computer itself

Protection measures

The data are encrypted, a brute force attack is possible

The data are encrypted, a brute force attack is not possible

Backup possibility

No, if the key is not marked as exportable

Yes

A quick comparison chart between the standard Windows CSP and Dekart CSP 

Facts about digital certificates:

A cryptoprovider will store the secret key of the digital certificate in a special repository, to which additional security mechanisms are applied. On the other hand, the digital certificate itself is not protected, since it does not contain any information that (if revealed) may have a negative impact on your privacy. Each digital certificate contains a reference, which allows the cryptoprovider to determine which of the stored secret keys correspond to a given digital certificate. Whenever an application tries to use the secret key, it accesses the digital certificate; afterwards the reference is used by the system to find out where to look for the secret key. 

This is where Dekart RSA Cryptographic Provider steps in, allowing you to move the keys or the digital certificate itself to a smart card or token. In the chart below you can see two digital certificates, one of them uses the standard Windows cryptographic provider, and the other one uses the enhanced Dekart cryptographic provider. In the second case, it is clear that the sensitive data are separated from the operating system, and stored in an entirely different location, being invulnerable to any attack against the OS.

How it works: 

-  After downloading and installing Dekart RSA Cryptographic Provider, you will with or without the digital certificate. 

The decision is determined by how often you need to use the digital certificate, and by the performance of your smart card and smart card reader. Reading data off a smart card is not as fast as reading data stored on a hard disk; the transfer speeds are much lower. If you are often requested to provide your digital certificate
In contrast, if your main concern is privacy and obscurity, you should migrate the digital certificate to the secret key as well.

 

Conclusions

Dekart RSA Cryptographic Provider gives you all the mobility you could wish for, making your infrastructure more secure. It allows you to engage in secure data transmissions from computers other than your home or office PC, while the risk to become a victim of identity theft is nil. 

Use case 

Dekart RSA Cryptographic Provider in a company

 

 
  HomeStorePress RoomRSS feedPrivacy NoticePartnersContactSitemap