Re: Smart cards and private keys
Milan Tomic wrote: Hi, Is it possible to extract private key from some (any) smart card? I'm using ActivCard equipement and it seems that it is not possible? Thank you in advance, Milan Hi ! I don't know if it concerns really OpenSSL. I know that few smart cards can generate key pairs but only the public key can be extracted. The Private key is only used to sign with. Few month ago I worked with gemplus GPK and GemExpresso smartcards and they work like it. Frédéric. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Smart cards and private keys
Milan Tomic wrote: Hi, Is it possible to extract private key from some (any) smart card? I'm using ActivCard equipement and it seems that it is not possible? in general it's not possible to extract the private key Cheers, Nils __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Smart cards and private keys
Title: Smart cards and private keys OpenSSL does not managethat directly, but it is possible: you will have to create a set of functions using your own software, let's sayusing Windows CryptoAPI to access smartcard , and then suply that callbacksto the RSA_METHOD structure. - Original Message - From: Milan Tomic To: openssl-users@openssl.org Sent: Thursday, January 20, 2005 11:45 AM Subject: Smart cards and private keys Hi, Is it possible to extract private key from some (any) smart card? I'm using ActivCard equipement and it seems that it is not possible? Thank you in advance, Milan
Re: Smart cards and private keys
There are very good reasons NOT to allow extraction of a private key from a crypto device. Investigate the vendor's provisions for either backing up or cloning a device. It is possible that the device will export its private key under some kind of protection (like encryption with some master key that the vendor may or may not allow you to know). However, for identity purposes a lost device can be dealt with by simply issuing a new key pair (that is, commanding the device to generate a totally new pair, then export the public key for signature into a new certificate). Thus, any particular vendor may choose not to export a private key under any circumstances. HTH Milan Tomic wrote: Hi, Is it possible to extract private key from some (any) smart card? I'm using ActivCard equipement and it seems that it is not possible? Thank you in advance, Milan -- An Internet-connected Windows machine is tantamount to a toddler carrying a baggie of $100 bills down a city street... Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]