Chip-tweet, alternative usage of PKI devices presented at Hacktivity 2012

by Ron Szab,

Tags: Security

Summary : The smart card topic is hot nowadays. Whenever experts talk about NEK, student cards, retired cards, mass transit travelling cards, we have to know that in the background cryptographic functions are called. The presentation is about these latter ones.
How can a code signer USB token be accessible for all developers?
Is it possible to bypass PIN code submission by user at a certified (FIPS, CC) smart card?
What is CryptSetProvParam() good for?
How can the authorization procedure (code review and digital signing must be always performed by Microsoft) of a self-developed CSP be simplified?
Is it possible to intercept and replay communication with smart card during qualified electronic signature creation? What is the secret of winscard.dll?
Is it possible to access cryptographic functionality of a smart card from a remote computer?