
HID SmartCard - How to encrypt files


I had to get a secure email through IdenTrust with my personal certificate. No problem there. Now I'm thinking how could I use this to encrypt specific files or folders on my PC. I don't want to do the whole drive with BitLocker and I want the flexibility of taking these files to another PC and using my smart-card for secure access. I googled and was surprised to see no simple software for personal smart-card use of this type. Any advice appreciated.


This can't be done.

Thanks, finally got a reply. Could you explain a bit as to why not? Would be educational for me and others.

Smartcards are a purpose-made device. They run only very specific applications. The application that would be installed on an identity card can only do signatures. You can't encrypt data with a signature.

The security of smartcards depends in part on you not being able to install new applications (or delete existing). So you can't modify the installed application profile.

Lastly, even if you could update for an "encryption" application, the performance of a smartcard is absolutely dismal. Do you want your hard drive to perform at 1200 baud modem speeds? It would be completely nonfunctional for all but the simplest and smallest type of documents. So regardless of any ability to do so, you are just far better off buying a USB drive and using BitLocker to encrypt that whole drive. Now you have the flexibility to take just those files to another PC.

You can buy a smartcard that has an encryption feature. However, for your use case it's just better to encrypt an external drive.

I know what you're thinking. "I want the added security of the physical smartcard". Wrong. If you lose or damage the smartcard, whoops, bye bye files. Password (passphrase) is far, far better for all intents and purposes. Also, if you suspect or want to protect against compromise on that other PC, a smartcard doesn't help you protect against that. If you want to be sure you aren't giving up your passphrase to the other PC, get a SED (self-encrypting drive). These devices almost universally suck and are insecure, so you have quite a lot of homework to do there. So much so, that Windows used to detect SED and use it if available. But then they realized this is completely insecure and untrustworthy, so now Windows ignores the SED feature and always does software encryption in the OS. That's not to say 100% of the SED drives are bad. Just good luck knowing which ones are good. I'd just use BitLocker.

