Il 04/02/2012 07:51, Iliya Peregoudov ha scritto:
When private key corresponding to digital certificate is stored on computer's hard disk it is not stored securely. The only way to store private key securely is using smart card. The best security is when you generate the key on the card: you can be quite sure nobody else will be able to read that key. To avoid using a "big" smartcard paired with an even bigger card reader, you can use a "token": it's like a small USB pen, but incorporates both a card and a reader.
Many motherboards have an onboard USB type-A port exactly for this purpose. While TPM in Linux is handled quite in the same way as a SmartCard, I have no idea about how it's handled in Win (but probably it integrates well in the login chain). BYtE, Diego.