sbidy / KeePass-KeyManager

A public key manager to manage multiple x509 certificates for a KeePass password database.
GNU General Public License v3.0

Do not cache smart card login #7

Open drbrandus opened 6 years ago

drbrandus commented 6 years ago

The smart card PIN should not be cached; leaving the smart card in the reader, after the first successful unlock, the DB can be unlocked simply by selecting the P7Mkey file and the PIN is not asked again.

sbidy commented 6 years ago

Let me check that ... Maybe I can destroy the object in a safe way to prevent that caching behavior.

sbidy commented 6 years ago

In my opinion, that is a "bug" in the MS .NET cryptographic functions themselves. The key itself will be encrypted by the envelopedCms.Decrypt and the DecryptMsg function. There is no object cached within the key manager. I have to look deeper into the "private key handling" from the .NET/Windows side.