Anders Rundgren wrote:
> I wonder if we are talking about the same subject. I'm talking about establishing
> a secure channel between the card and the CA so that the CA actually knows
> that the key-pair was created in the card.

Note: there is no absolutely secure method to establish a connection between a card on a remote machine and the CA. Period.
Any client software (CCID, PCSC, PKI, network layer) can be hacked and can be used to impersonate a secure connection. You can achieve "security-through-obscurity" at best, where it is simply not worth the hassle to disassemble the client software.

So if you want to ensure that a key is generated on the card *YOU* will have to generate that key.

cheers,

JJK

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel