NextVSC overview and features
Introduction
With Smart ID Desktop App, Nexus has for many years supported Virtual Smart Cards (VSC) on Windows 10 and 11, based on the Microsoft VSC solution.
The Microsoft solution comes with a few drawbacks such as:
Not being recommended or further developed by Microsoft
Not supporting ECC or RSA keys larger than 2048 bytes
Not supporting RSA PSS, that is, no support for TLS 1.3
With the NextVSC add-on, Nexus introduces a new concept for providing Nexus native Virtual Smart Cards (VSC) for the Windows 10/11 platforms, which provides an extendable architecture capable of unifying different technologies and bearers of VSCs under the same implementation. These are presented to the Windows platform as if they were a physical smart card.
The NextVSC add-on is seamlessly integrated with Smart ID Desktop App. This means that the application behaves the same for Microsoft VSC and NextVSC and provides the same User Interface (UI), the same features, and so on.
NextVSC implements a minidriver and a virtual smart card reader that fit into the Microsoft smart card subsystems, making the VSC appear and act as a standard physical smart card. This supports all related use cases, such as Windows login, TLS, PDF signing and S/MIME email security.
Version 1.0 of NextVSC brings support for RSA 3072 and RSA 4096 keys through a TPM-backed key wrapping solution.
The TPM specification as of today only mandates support up to RSA 2048, which is why NextVSC uses a TPM-backed wrapping solution that utilizes AES encryption to protect the RSA keys as they are unwrapped and used in cryptographic operations.
NextVSC runs as a Windows Service and is installed separately and independently from the Smart ID Desktop App.
NextVSC features
The features of NextVSC are as follows:
Support for RSA 3K and 4K certificates.
Nexus native TPM wrapping solution of private keys based on AES encryption.
Add-on to Smart ID Desktop App for seamless integration with Smart ID life-cycle management with Smart ID Identity Manager (IDM) and authentication with Smart ID Digital Access (DA).
Client-side key generation with certificates generated by Certificate Manager via CSR/PKCS#10.
Server-side generated/archived certificates and keys (P12).
Windows use-cases according to certificate capabilities and key usages.
Windows login, S/MIME, TLS, PDF signing etc. via NextVSC minidriver API.
User Interface provided by Smart ID Desktop App:
PIN change, VSC deletion, VSC details, certificate details.
Language support: English, German, French and Swedish.
PIN blocking and remote PIN unblock.
TPM anti-hammering and blocking.
Co-existence with Microsoft VSC under Smart ID Desktop App.