4.3. Windows Cryptographic Service Provider

The Windows version of the Enterprise Security Client installs a Windows Cryptographic Service Provider (CSP) that is compatible with the Certificate System-supported smart cards.

Microsoft Windows supports a software library designed to implement the Microsoft Cryptographic Application Programming Interface (CAPI). CAPI lets developers build Windows-based applications, such as the Windows version of the Enterprise Security Client, that perform secure cryptographic functions. This API, also known as CryptoAPI, provides a layer between an application that supports it, such as Certificate System, and the details of the cryptographic services provided by the API.

The CAPI interface can be used to create custom CSP libraries. In Certificate System, custom CSP libraries have been created to use the Certificate System-supported smart cards.

The CAPI store is a repository controlled by Windows that houses a collection of digital certificates associated with a given CSP. CAPI oversees the certificates, while each CSP controls the cryptographic keys belonging to the certificates.

The Certificate System CSP is designed to provide cryptographic functions on behalf of Windows using the Certificate System-supported smart cards. The Windows CSP performs its requested cryptographic functionality by calling the Certificate System PKCS #11 module.
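
To check on a workstation the split described above (CAPI holds the certificates, a CSP holds each key), the following added example, which is not part of the Certificate System documentation or software, lists the CSPs registered with CAPI and reports which provider holds the key for each certificate in the current user's store. It assumes Windows PowerShell 5.1, and `$ExpectedCsp` is a placeholder because this page does not give the registered name of the Certificate System CSP.

```powershell
# Added example; assumes Windows PowerShell 5.1 (.NET Framework).
# $ExpectedCsp is a placeholder, not a name taken from this page.
$ExpectedCsp = '<Certificate System CSP name>'

# CSPs registered with CAPI: one registry subkey per provider.
$provKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'
$providers = Get-ChildItem -Path $provKey | ForEach-Object {
    [pscustomobject]@{
        Name    = $_.PSChildName
        Type    = $_.GetValue('Type')
        Library = $_.GetValue('Image Path')
    }
}
$providers | Format-Table -AutoSize

if ($providers.Name -notcontains $ExpectedCsp) {
    Write-Warning "CSP '$ExpectedCsp' is not registered on this machine."
}

# Certificates in the user's CAPI store, with the provider that holds each key.
$report = foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
    $provider = $null; $container = $null
    if ($cert.HasPrivateKey) {
        try {
            # Reads provider metadata only; no signing or decryption is performed.
            $info      = $cert.PrivateKey.CspKeyContainerInfo
            $provider  = $info.ProviderName
            $container = $info.KeyContainerName
        } catch {
            # CNG keys, or a removed smart card, cannot be opened through CAPI here.
            $provider = "unavailable: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Subject      = $cert.Subject
        NotAfter     = $cert.NotAfter
        KeyProvider  = $provider
        KeyContainer = $container
        OnExpected   = ($provider -eq $ExpectedCsp)
    }
}
$report | Sort-Object KeyProvider | Format-List
```

A certificate whose `KeyProvider` is not the expected CSP has its key held by a different provider, which is worth reviewing when keys are meant to stay on the smart card.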

The Certificate System CSP, which has been signed by Microsoft, provides the following features:

The required CSP libraries are automatically installed with the Enterprise Security Client. There are several common situations when a Windows user interacts directly with the CSP.