EIDVirtual

No smart card reader? No problem — turn any USB key into a fully functional virtual smart card.

Download for free

EIDVirtual is free to download. A registration is required after 30 days on Windows Pro and Enterprise editions.

Download

Register or purchase

Required for use beyond 30 days on professional Windows editions.

Register Purchase
Overview

EIDVirtual makes any USB key appear as a virtual smart card in the Windows device manager. It can then be used for smart card logon via EIDAuthenticate or Active Directory — with no physical smart card reader required.

Format a USB key
Format a USB key
Ask for a smart card
Ask for a smart card
Smart card manager
Smart card manager
certutil -scinfo
certutil -scinfo
Driver install
Driver install
Use cases

EIDVirtual was designed for administrators and developers who need to test smart card scenarios, or deploy smart card authentication without procuring physical card readers. The emulation is fully compatible with:

Smart card logon (Active Directory & EIDAuthenticate)
RADIUS / VPN / Wi-Fi EAP-TLS authentication
SSL client certificate authentication
S/MIME email signing & encryption
EFS (Encrypting File System)
BitLocker
Remote Desktop (RDP)

The virtual smart card is also recognized by any remote computer that has EIDVirtual installed, making it fully transparent over Remote Desktop.

Requirements
  • Windows XP / Server 2003 or later
  • A USB key or memory card
Demo video
Secure design

EIDVirtual was carefully designed to protect private keys and PINs. Private data is encrypted twice — first using a USB key fingerprint (including serial number where available, preventing cloning), and second using a PIN-derived key. All cryptographic operations run inside an isolated UMDF host process, separated from all other system processes.

EIDVirtual secure container architecture
Note: As a software solution, EIDVirtual does not provide hardware-level protection (physical CPU isolation, hardware key destruction, or hardware PIN enforcement). It is designed for convenience and testing, not to replace a certified hardware security module.
FAQ

There is no API to export private keys from EIDVirtual.

The token is encrypted using the USB key fingerprint, including the serial number where available. A copy of the token will not be recognized on a different device.

Failed authentication attempts are limited to 3 — just like a real smart card. The counter resets automatically after one hour.

EIDVirtual uses the Windows AES provider, supporting RSA keys from 384 bits to 16,384 bits in 8-bit increments.