How to make a DSC USB Token with Pkcs12 certificate?

Question

Each user of our system uses an X509 certificate to sign documents or approve documents.

We issue certificates by ourselves and send them to users in form of a PKCS12 file. It works perfectly so far.

Now, we want to distribute our certificates in a USB Token like other Certificate Authorities do.

Can we make tokens by ourselves using .NET code? If not, which software is used for making such USB tokens?

Answer 1

I've evaluated a solution called EIDVirtual to create a smartcard from a regular USB. It's from mysmartlogon.com.

I works at my development environment. However I'm not sure is it straightforward for the end users or not. And the cost is needed to clarify as well. If each end user PC requires a license, then it is not feasible at all.

Answer 2

USB Tokens are SmartCard in USB Drive with USB Connector fused into it. (Instead of Smartcard reader and USB Cable...!)

USB Tokens are cypto capable devices which stores user's private keys securely and public keys and Certificates may also be stored in it (but has limited storage space)

Any Government approved Certifying Authority or Self (Internal) Certifying Authority can enroll and issue certificates in USB Token.

Suggest you to buy any FIPS Certified USB Tokens or Smartcard available in your market.

Please refer to my posts about USB Token and APIs available for Certifying Authority: https://security.stackexchange.com/a/252698/206413 https://stackoverflow.com/a/68556286/9659885

API available for Developers: https://stackoverflow.com/a/63173083/9659885