Hello,
In AD CS, default profile "SmartCard Logon" has :
- keyUsage "keyEncryption" (and not only "digitalSignature" corresponding to authentication usage)
- "S/MIME capabilities" (with OIDs that seem to be referring to cryptographic algorithms)
I checked that this profile is working for SmartCard Logon.
But I fear that I will encounter some conflicts with the encryption certificate that I'll also put int the smart cardfor secure messaging usage (S/MIME). This certificate will also have keyUsage "keyEncryption", probably S/MIME capabilities, and keyUsage"Secure Messaging" (that "SmartCard Logon" certificate does not have).
Do you know if:
1/ keyUsage "keyEncryption" is really necessary for SmartCard Logon ?
2/ If I may have conflicts with S/MIME usage ? Due to keyEncryption attribute (and S/MIME capabilities) in 2 different certificates in the smart card.
Regards,
David MARTIN