Is there any software available that let a USB key or sd card look like a smartcard? There is plenty of software available that allows you to logon by plugging in a usb key. I also want to be able to unlock bitlocker protected drives with it though, and that requires a real smartcard. So I wonder if it's possible to let a usb key look like a real smartcard to the OS. I don't care for storing any other data on the usb key, so any filesystems or partitioning may be removed if needed. If it isn't possible to fake a smartcard, would it be possible to force bitlocker to accept usb keys? I can of course make an autorun with manage-bde commands to unlock the drives, but that requires autorun to be on and that's a bit unsafe...
is that what you mean safehousesoftware.com/Manual/User_s_Guide/How_to_Create_a_Virtual_Smartcard.htm
Not really. The thing just writes a key file to a usb key and can use that only to unlock it's own encrypted files. In addition it mounts this file as a volume in explorer. I already have a bitlocker password protected drive and would like to use an sd card to unlock that. You can change some policy settings so you can use a usb/sd to unlock the OS volume. So when you normally need a smartcard to boot you can use usb/sd. But the drive I have is just a data partition and there is only such an option for system volumes.
I think I have another solution. For the logon just use software like rohos. For bitlocker I can write an app that (when opened) checks all storage media's serial numbers. If the correct key is installed it reads the password from a textfile on that drive and uses that to unlock the drive. (for security it erases the memory adresses where it stored the pw before passing it to the manage-bde command). If the sd card is removed the app automatically force locks the drive again. The only thing I need to find out is how to let the app know the sd is removed without constant polling. Idealy windows itself tells me, but I have no idea how to do that. EDIT: When thinking about it, I can also make the logon app myself. A logon helper that detects when an sd card is insered, checks it's serial number, and if it's the correct medium it reads the windows pw to login. It also unlocks the drives then already. When any other bitlocker drive is inserted it's unlocked too. When the card is removed all drives are locked and the user logs off. Shouldn't be that hard to do after a bit of practice and research.
sorry stannieman i mean that w w w.safehousesoftware.com/Manual/User_s_Guide/How_to_Create_a_Virtual_Smartcard.htm " I can't post links ;so; put www before the link to be directed to the right page" a brief summary of the tool
That's what I did, bit it only creates an encrypted .smart file which in turn contains the encryption key for it's own encrypted files that it mounts to explorer. So it's not a smartcard actually. The program installed on the computer gives it smartcard features, but only in combination with it's own files and not for external programs or windows.
Hi, I've played with a similar tool named EIDVirtual and it worked like a charm. I'm using it for testing purpose (it avoids to "burn" real smart card when you are testing PIN/PUK features) and it is also compatible with FIM (forefront identity management). Wasn't able to find a difference with a real smart card from Windows side. (meaning that the smart card logon with active directory works) regards, Vincent
And has a full Trial up to 30 days as well. For sure enough time for testing it's reliability! Thanks to vletoux for sharing.
This EIDVirtual is just one part of a bigger system and investment! If used on an Single Laptop, as example, you'll also need to buy the Apps EIDAuthenticate which cost €65.00. That's not what I'm looking for.