> Why don't you want to generate the keys on the card? Under normal circumstances that's the thing smart cards are for.
I've got limited experience with PKI policies, but what about key escrow? Or the poor man's version, creating a backup copy of a smart card on another smart card, kept in a firesafe? Of course, if your card is damaged, lost or stolen, your certification should be revoked by the CA and reissued with a new certification. But you still need the old key to decrypt old data to re-encrypt with the new key, right? _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
