2
I recently got my self an email S/MIME signing/encrypting certificate. I installed this on my Windows machine, which, obviously, required me to enter the password I used to encrypt the certificate, and fired up Outlook to test it. Sure enough, I was able to send a signed email. What bothered me, however, was that I was never prompted to enter any password. I assume this means that, when I installed my certificate, Windows decrypted the certificate and the private key and stored it somewhere, either in clear text or encrypted using some other key, implicitly tied to my user account.
Personally, for security reasons I would like to have to enter a password each time I would like to use my certificate. Is it possible to get this kind of behaviour in Windows, either out of the box or using some third part add on?