4

The Windows 7 certificate store's default behavior includes storing all public keys you use from smartcards. This is sometimes undesirable: if a machine needs to use a lot of smartcards, the "Please select a certificate" popup becomes increasingly crowded.

Is there a way to configure Windows such that the public key associated with a smartcard would be automatically removed from the certificate store once the smartcard is removed?

Or alternatively, a way to stop Windows from storing smartcard certificates in the store in the first place?

2 Answers

2

I don't know of a way to automatically remove such certificates, but you can clean them out by going to Control Panel -> Internet Options -> Content tab -> Certificates. Select the ones you want to get rid of, then click Remove.

Otherwise, you will need to write a utility that detects the smart-card insert event, then lists and remembers all certificates, and finally deletes them from the certificate store upon the smart-card removal event.

If you intend to go this way, besides the detailed documentation one can find on the Microsoft website, here are some references that can give you some understanding of the required programming:

How to enumerate all certificates on a smart card (PowerShell, but can be adapted to C/C#)
A Smart Card Framework for .NET
pcsc-sharp library

Glorfindel
  • 4,158
harrymc
  • 498,455
0

You can use the following command to remove all smartcard certificates from your store:

certutil -user -delstore my 1.3.6.1.4.1.311.20.2.2

The certificate of the smartcard in use will appear in the certificate store when you insert your smartcard into the reader.

For more details, look up 1.3.6.1.4.1.311.20.2.2 on your favorite search engine.

Giacomo1968
  • 58,727
Enkel
  • 1
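A reviewable variant of the cleanup in the answers above, added here as an example and not part of either answer: it lists the certificates in the current user's Personal (MY) store that carry the enhanced key usage 1.3.6.1.4.1.311.20.2.2 (Smart Card Logon) and deletes them only when asked. The `-Remove` switch and the parameter names are assumptions of this sketch; certificates that come from a smartcard but lack this EKU (for example signing-only certificates) are not matched.

```powershell
# Added example: dry run by default; pass -Remove to actually delete.
param(
    [string]$EkuOid = '1.3.6.1.4.1.311.20.2.2',  # OID used in the certutil answer
    [switch]$Remove                               # hypothetical switch for this sketch
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$store = New-Object "$x509.X509Store" (
    [System.Security.Cryptography.X509Certificates.StoreName]::My,
    [System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)

try {
    # Snapshot the matches first so the store is not modified while it is enumerated.
    $matching = @($store.Certificates | Where-Object {
        $_.Extensions | Where-Object {
            ($_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) -and
            (@($_.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $EkuOid)
        }
    })

    foreach ($cert in $matching) {
        # Print enough detail to recognise each certificate before it is removed.
        '{0}  {1}  expires {2:yyyy-MM-dd}' -f $cert.Thumbprint, $cert.Subject, $cert.NotAfter
        if ($Remove) {
            $store.Remove($cert)
        }
    }

    if ($Remove) {
        "Removed $($matching.Count) certificate(s) with EKU $EkuOid."
    } else {
        "Dry run: $($matching.Count) certificate(s) match EKU $EkuOid. Re-run with -Remove to delete them."
    }
}
finally {
    $store.Close()
}
```

Only the store entry is removed; the certificate on the card is untouched and, as the answer notes, it is copied back into the store the next time the card is inserted.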