On Wed, Jan 18, 2012 at 04:20:05PM -0800, Frank Cusack wrote:
> In a CSR, how is it proven that the key resides on a smart card (and is not
> exportable)? In my understanding, the CSR is signed by the private key of
> the (to be) cert itself. Thus that signature only proves that the
> requester actually possesses the private half, not that the private key
> resides on a smart card.
>
> Looking at the cryptoflex command set, I don't see anything there that
> would add something to the CSR asserting that the key was generated
> on-card. Same for ISO 7816-8, but I could easily be missing something.

You're probably missing the fact that no one stops the owner of a software
key from adding the same information to the CSR.

Cheers
Christian
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
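
The point made in the exchange above, as an added example that is not part of the original thread: a key generated in software signs a CSR carrying an "on-card" claim, and the CSR self-signature still verifies. It assumes the third-party Python "cryptography" package; the OID (under the documentation enterprise arc 32473), the claim bytes and the subject name are constructed for illustration.

```python
# Added example, not code from OpenSC or from the thread.
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

# Hypothetical OID and payload, constructed for this example; not a standard.
CLAIM_OID = x509.ObjectIdentifier("1.3.6.1.4.1.32473.1.1")
CLAIM_VALUE = b"key-generated-on-card"


def make_software_csr(with_claim: bool) -> bytes:
    """Build a PEM CSR whose key pair is generated in process memory."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    builder = x509.CertificateSigningRequestBuilder().subject_name(
        x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-subject")])
    )
    if with_claim:
        # The requester chooses this content; the self-signature covers it
        # but nothing independent of the requester vouches for it.
        builder = builder.add_extension(
            x509.UnrecognizedExtension(CLAIM_OID, CLAIM_VALUE), critical=False
        )
    csr = builder.sign(key, hashes.SHA256())
    return csr.public_bytes(serialization.Encoding.PEM)


def ca_view(csr_pem: bytes) -> dict:
    """Return what a CA can establish from the CSR bytes alone."""
    csr = x509.load_pem_x509_csr(csr_pem)
    try:
        claim = csr.extensions.get_extension_for_oid(CLAIM_OID).value.value
    except x509.ExtensionNotFound:
        claim = None
    return {"proof_of_possession": csr.is_signature_valid, "on_card_claim": claim}


if __name__ == "__main__":
    print(ca_view(make_software_csr(with_claim=False)))
    print(ca_view(make_software_csr(with_claim=True)))
```

Both CSRs pass the signature check, and the second one presents the claim even though its key never touched a card, so a CA cannot tell the two cases apart from the CSR alone.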