Does anybody know if it's possible to store private keys, belonging to a service account or computer account, on a Windows 8 VSC (virtual smart card)?
As far as I understand, the requirement for a PIN of at least 8 symbols prevents it. A service process, like IIS, cannot authenticate against the VSC with the PIN, and I didn't find how to set an empty PIN for the VSC.
Are there any workarounds? It's an awful pity to lose the non-exportability feature, which the TPM provides, for server-side certificate keys just because of this PIN thing.
No, you cannot set an empty PIN on a Windows 8 Virtual Smart Card.
At first I said "having a smart card with no PIN defeats the purpose." But that was too flippant of me. I have BitLocker enabled on my laptop with a TPM, and I don't need to enter a PIN manually every time I boot up to unlock it. But the fact remains that you can't set an empty PIN on a Windows 8 VSC.
The authoritative MSDN spec documentation for VSC is MS-TPMVSC, found here:
http://download.microsoft.com/download/9/5/E/95EF66AF-9026-4BB0-A41D-A4F81802D92C/[MS-TPMVSC].pdf
I don't really know what you are trying to do exactly, but I'm not sure you have anything to gain by pursuing this over just encrypting the volume where the keys are stored with BitLocker.