Hybrid Profile in Smart ID Desktop App
This article includes updates for Smart ID Desktop App 2.0.
This article describes the Hybrid Profile concept used in Smart ID Desktop App.
In rare cases, the Trusted Platform Module (TPM) chip, which is available on most laptops, does not accept a certain key imported via Smart ID Desktop App. In this case, the Hybrid Profile can be used. With the Hybrid Profile concept, one Virtual Smart Card (VSC) can store some of its associated keys in the Microsoft keystore (soft store) under the same VSC.
A TPM key import typically fails when an older certificate is recovered or migrated to the VSC and its key has, for instance, a public exponent too low for the TPM to accept.
With the Hybrid Profile concept, the process can optionally be allowed to proceed by storing the problematic key or keys in the soft key store instead of the TPM. Without the Hybrid Profile, the whole process would fail and roll back.
This concept also applies to RSA keys larger than 2K, which are not supported by the TPM-based Microsoft VSC implementation.
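The following Python check, an added example that is not part of Smart ID Desktop App, reads the modulus size and public exponent from PKCS#1 RSAPublicKey structures and reports which keys would go to the TPM and which would need the soft key store. The 2048-bit limit comes from the text above; the minimum exponent of 65537, the function names and the sample keys are assumptions made for illustration.

```python
MAX_TPM_RSA_BITS = 2048   # from the page: keys larger than 2K are not supported
MIN_TPM_EXPONENT = 65537  # assumed value; the page only says "too low"

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_rsa_public_key(der):
    """Parse PKCS#1 RSAPublicKey: SEQUENCE { INTEGER modulus, INTEGER exponent }."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_n, n_raw, pos = _read_tlv(body, 0)
    tag_e, e_raw, _ = _read_tlv(body, pos)
    if (tag_n, tag_e) != (0x02, 0x02):
        raise ValueError("expected two INTEGERs")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")

def plan_import(keys, allow_hybrid):
    """Return {name: 'tpm' | 'soft'}; without hybrid, one bad key fails the import."""
    plan = {}
    for name, der in keys.items():
        n, e = parse_rsa_public_key(der)
        fits = n.bit_length() <= MAX_TPM_RSA_BITS and e >= MIN_TPM_EXPONENT
        if not fits and not allow_hybrid:
            raise RuntimeError(f"{name}: TPM import would fail and roll back")
        plan[name] = "tpm" if fits else "soft"
    return plan

def _tlv(tag, value):  # DER encoder, used only to build the constructed samples
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_key(bits, exponent):
    """Constructed placeholder: right-sized numbers, not a real RSA key."""
    ints = [(1 << (bits - 1)) | 1, exponent]
    body = b"".join(_tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints)
    return _tlv(0x30, body)

SAMPLES = {name: sample_key(bits, e) for name, bits, e in  # constructed inputs
           [("current-2048", 2048, 65537), ("legacy-e3", 2048, 3), ("large-4096", 4096, 65537)]}
```

Keys reported as 'soft' are the ones that would sit outside the TPM under the Hybrid Profile, so they are the ones to review before a recovery or migration.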
For more information, see API parameters specific to Smart ID Desktop App (version 2.0).