Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not cache smart card login #7

Open
drbrandus opened this issue Apr 9, 2018 · 2 comments
Open

Do not cache smart card login #7

drbrandus opened this issue Apr 9, 2018 · 2 comments
Assignees
@sbidy
Labels
possible bug

Comments

@drbrandus
Copy link

The smart card PIN should not be cached; leaving the smart card in the reader, after the first successful unlock, the DB can be unlocked simply selecting the P7Mkey file and the PIN is not asked again.
@sbidy
Copy link
Owner

sbidy commented Jun 11, 2018

Let me check that ... Maybe I can destroy the object in a safe way to prevent that caching behavior.

@sbidy sbidy self-assigned this Jun 11, 2018
@sbidy
Copy link
Owner

sbidy commented Jul 9, 2018

In my opinion is that a "bug" from the MS .Net cryptographic functions itself.
The key iteself will be encrypted by the envelopedCms.Decrypt and the DecryptMsg function. There is no object cached within the key manager.
I've to look deeper in to the "private key handling" from the .Net/Windows side.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sbidy sbidy

Labels
possible bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sbidy @drbrandus