EIDVirtual - Version 2

No smart card reader? No problem — turn any USB key into a fully functional virtual smart card.

Download for free

EIDVirtual Version 2 is free to download.

Download
Overview

EIDVirtual makes any USB key appear as a virtual smart card in the Windows device manager. It can then be used for smart card logon via EIDAuthenticate or Active Directory — with no physical smart card reader required.

Format a USB key
Format a USB key
Ask for a smart card
Ask for a smart card
Smart card manager
Smart card manager
certutil -scinfo
certutil -scinfo
Driver install
Driver install
Use cases

EIDVirtual was designed for administrators and developers who need to test smart card scenarios, or deploy smart card authentication without procuring physical card readers. The emulation is fully compatible with:

Smart card logon (Active Directory & EIDAuthenticate)
RADIUS / VPN / Wi-Fi EAP-TLS authentication
SSL client certificate authentication
S/MIME email signing & encryption
EFS (Encrypting File System)
BitLocker
Remote Desktop (RDP)

The virtual smart card is also recognized by any remote computer that has EIDVirtual installed, making it fully transparent over Remote Desktop.

Requirements
  • Windows 10 or later ; Windows 2016 or later
  • A USB key or memory card
Demo video
Secure design

EIDVirtual was carefully designed to protect private keys and PINs. Private data is encrypted twice — first using a USB key fingerprint (including serial number where available, preventing cloning), and second using a PIN-derived key. All cryptographic operations run inside an isolated UMDF host process, separated from all other system processes.

EIDVirtual secure container architecture
Note: As a software solution, EIDVirtual does not provide hardware-level protection (physical CPU isolation, hardware key destruction, or hardware PIN enforcement). It is designed for convenience and testing, not to replace a certified hardware security module.
FAQ

There is no API to export private keys from EIDVirtual.

The token is encrypted using the USB key fingerprint, including the serial number where available. A copy of the token will not be recognized on a different device.

Failed authentication attempts are limited to 3 — just like a real smart card. The counter resets automatically after one hour.

EIDVirtual uses the Windows AES provider, supporting RSA keys from 384 bits to 16,384 bits in 8-bit increments.