Frank Cusack wrote:
> For example, if I had some key/cert on the card (and I know it can only
> exist on the card -- this might happen before it is shipped to me or in
> bulk secure provisioning on site) that is not able to be used for anything
> externally. i.e., you cannot encrypt, decrypt, sign or verify any external
> data with this key/cert. But when you ask for a CSR, there's actually a
> CSR APDU -- not a software generation of CSR then asking the card to sign
> the CSR. You pass the relevant attributes to be included in the CSR, and
> the card itself adds some signed data as a CSR attribute which the CA can
> verify. There is no way for the user to add that signed data to a software
> CSR because the key used to sign that data is not available to the user.
>
> That's just a way I thought of, maybe there is some other way as well.

The current (but under revision) Swedish eID card includes a scheme like
this. The card is delivered with a special key+cert which is meant to
authenticate the card when it is enrolling.

So far for the theory. In practice I've seen zero software solutions use
this key+cert. I guess there may be one at the police (they issue
passports and this card) but..

> It seems it would be a good advantage to be able to do this, you could
> provision on demand at an insecure station, instead of (e.g.) having a
> secure station and provisioning with a single-use PIN.

OTOH you need special cards and special software on the insecure station.

//Peter
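
The CA-side check that the scheme discussed above implies, as an added example that is not part of the original thread and not OpenSC code: the card's attestation key signs the public key being certified, and the CA accepts the CSR only if that signature verifies against the card's known attestation key. Assumptions: the OID, the function names, the use of Ed25519, and carrying the signed data as a requested extension inside the CSR are all hypothetical choices made for this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

var oidCardAttestation = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1} // hypothetical OID

// newKey returns a fresh Ed25519 key pair (constructed sample material).
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// cardCSR models the on-card CSR command: the attestation key signs the subject key's SPKI.
func cardCSR(attest, subject ed25519.PrivateKey, cn string) ([]byte, error) {
	spki, err := x509.MarshalPKIXPublicKey(subject.Public())
	if err != nil {
		return nil, err
	}
	ext := pkix.Extension{Id: oidCardAttestation, Value: ed25519.Sign(attest, spki)}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, ExtraExtensions: []pkix.Extension{ext}}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, subject)
}

// verifyCSR is the CA side: proof of possession first, then the card's attestation.
func verifyCSR(der []byte, cardPub ed25519.PublicKey) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil || csr.CheckSignature() != nil {
		return fmt.Errorf("malformed CSR or bad proof of possession")
	}
	for _, ext := range csr.Extensions {
		if ext.Id.Equal(oidCardAttestation) && ed25519.Verify(cardPub, csr.RawSubjectPublicKeyInfo, ext.Value) {
			return nil
		}
	}
	return fmt.Errorf("no valid card attestation for this key")
}

func main() {
	cardPub, attest := newKey() // attestation key; the CA learns cardPub from the card's cert
	_, onCard := newKey()       // key generated on the card
	der, _ := cardCSR(attest, onCard, "constructed-user")
	fmt.Println("card CSR:", verifyCSR(der, cardPub))
}
```

Because the attestation covers the subject public key itself, a signature lifted from one card-made CSR does not validate on a CSR for a different key.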