Let usb key or SD card act like a smartcard

Discussion in 'Application Software' started by Stannieman, Mar 8, 2012.

  1. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,818
    90
    Is there any software available that lets a USB key or SD card look like a smartcard?

    There is plenty of software available that allows you to logon by plugging in a usb key. I also want to be able to unlock bitlocker protected drives with it though, and that requires a real smartcard. So I wonder if it's possible to let a usb key look like a real smartcard to the OS.
    I don't care for storing any other data on the usb key, so any filesystems or partitioning may be removed if needed.

    If it isn't possible to fake a smartcard, would it be possible to force bitlocker to accept usb keys?

    I can of course make an autorun with manage-bde commands to unlock the drives, but that requires autorun to be on and that's a bit unsafe...
     
  2. abdovar

    abdovar MDL Novice

    Feb 2, 2010
    41
    57
    0
    is that what you mean :unsure:

    safehousesoftware.com/Manual/User_s_Guide/How_to_Create_a_Virtual_Smartcard.htm
     
  3. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,818
    90
    #3 Stannieman, Mar 8, 2012
    Last edited: Mar 8, 2012
    (OP)
    Not really. The thing just writes a key file to a usb key and can use that only to unlock its own encrypted files. In addition it mounts this file as a volume in explorer.

    I already have a bitlocker password protected drive and would like to use an sd card to unlock that. You can change some policy settings so you can use a usb/sd to unlock the OS volume. So when you normally need a smartcard to boot you can use usb/sd. But the drive I have is just a data partition and there is only such an option for system volumes.
     
  4. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,818
    90
    #5 Stannieman, Mar 8, 2012
    Last edited: Mar 8, 2012
    (OP)
    I think I have another solution. For the logon just use software like rohos.
    For bitlocker I can write an app that (when opened) checks all storage media's serial numbers.
    If the correct key is installed it reads the password from a textfile on that drive and uses that to unlock the drive. (for security it erases the memory addresses where it stored the pw before passing it to the manage-bde command).
    If the sd card is removed the app automatically force locks the drive again. The only thing I need to find out is how to let the app know the sd is removed without constant polling. Ideally windows itself tells me, but I have no idea how to do that.

    EDIT: When thinking about it, I can also make the logon app myself.
    A logon helper that detects when an sd card is inserted, checks its serial number, and if it's the correct medium it reads the windows pw to login. It also unlocks the drives then already. When any other bitlocker drive is inserted it's unlocked too. When the card is removed all drives are locked and the user logs off. Shouldn't be that hard to do after a bit of practice and research.
     
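
One way to get the removal notification asked about in the post above without polling, as an added example that is not part of the original thread: Windows raises a `Win32_VolumeChangeEvent` when a volume arrives or is removed, and a script can wait on it. The sketch swaps the password in a text file for a BitLocker external key (`.bek`) on the card, which `manage-bde` accepts for data volumes; the drive letter and serial number are placeholders.

```powershell
# Added example. Run from an elevated prompt; manage-bde needs administrator rights.
$DataVolume  = 'D:'         # BitLocker-protected data volume (placeholder)
$TokenSerial = '1A2B3C4D'   # volume serial of the SD card (constructed value)

function Get-TokenDrive {
    # Return the drive letter of the removable volume with the expected serial, if present.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' |
        Where-Object { $_.VolumeSerialNumber -eq $TokenSerial } |
        Select-Object -First 1 -ExpandProperty DeviceID
}

function Unlock-WithToken {
    $drive = Get-TokenDrive
    if (-not $drive) { return }
    # The key file is created once beforehand with:
    #   manage-bde -protectors -add D: -RecoveryKey E:\
    # .bek files are hidden system files, hence -Force.
    $bek = Get-ChildItem -Path "$drive\" -Filter '*.bek' -Force | Select-Object -First 1
    if ($bek) { manage-bde -unlock $DataVolume -RecoveryKey $bek.FullName }
}

function Lock-IfTokenGone {
    # Lock only when the token itself is gone, not when some other volume was removed.
    if (-not (Get-TokenDrive)) { manage-bde -lock $DataVolume -ForceDismount }
}

# Win32_VolumeChangeEvent.EventType: 2 = device arrival, 3 = device removal.
Register-CimIndicationEvent -SourceIdentifier 'TokenArrived' `
    -Query 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 2'
Register-CimIndicationEvent -SourceIdentifier 'TokenRemoved' `
    -Query 'SELECT * FROM Win32_VolumeChangeEvent WHERE EventType = 3'

Unlock-WithToken                      # handle a card that is already inserted
try {
    while ($true) {
        $evt = Wait-Event             # blocks until Windows reports a volume change
        switch ($evt.SourceIdentifier) {
            'TokenArrived' { Unlock-WithToken }
            'TokenRemoved' { Lock-IfTokenGone }
        }
        Remove-Event -EventIdentifier $evt.EventIdentifier
    }
}
finally {
    Unregister-Event -SourceIdentifier 'TokenArrived', 'TokenRemoved'
}
```

The serial number only selects which drive to read: a volume serial is not a secret and can be set on any medium, so the protection comes from the key file, not from the serial check.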
  5. abdovar

    abdovar MDL Novice

    Feb 2, 2010
    41
    57
    0
    sorry stannieman i mean that :p

    w w w.safehousesoftware.com/Manual/User_s_Guide/How_to_Create_a_Virtual_Smartcard.htm

    " I can't post links ;so; put www before the link to be directed to the right page"

    a brief summary of the tool
     
  6. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,818
    90
    That's what I did, but it only creates an encrypted .smart file which in turn contains the encryption key for its own encrypted files that it mounts to explorer. So it's not a smartcard actually. The program installed on the computer gives it smartcard features, but only in combination with its own files and not for external programs or windows.
     
  7. vletoux

    vletoux MDL Novice

    Apr 23, 2013
    1
    0
    0
    Hi,
    I've played with a similar tool named EIDVirtual and it worked like a charm.
    I'm using it for testing purposes (it avoids "burning" real smart cards when you are testing PIN/PUK features) and it is also compatible with FIM (forefront identity management). I wasn't able to find a difference from a real smart card from the Windows side (meaning that the smart card logon with active directory works).

    regards,
    Vincent
     
  8. sebus

    sebus MDL Guru

    Jul 23, 2008
    6,356
    2,026
    210
    Thanks vletoux, need to try it, especially as it's only €1 until July 1st!
     
  9. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,221
    2,273
    240
    And has a full Trial up to 30 days as well. For sure enough time for testing its reliability! Thanks to vletoux for sharing.
     
  10. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,221
    2,273
    240
  11. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,221
    2,273
    240
    This EIDVirtual is just one part of a bigger system and investment! If used on a single laptop, for example, you'll also need to buy the app EIDAuthenticate, which costs €65.00.

    That's not what I'm looking for.
     