RE: A PKI Question: PKCS11-> PKCS12
There are different types of smart cards, some of which are storage-only
devices; others actually do the cryptography. In the first case it is
possible to export/import a P12 onto the device. In the latter case it is
not normally possible. Most crypto cards also support being used as
storage-only devices, but not all; this is usually determined by how the
device has been initialized.
Hope this helps
Ryan
-----Original Message-----
From: jim.essig@xxxxxxxxxxxxxxxx [mailto:jim.essig@xxxxxxxxxxxxxxxx]
Sent: Tuesday, November 27, 2001 10:24 AM
To: raghavh@xxxxxxxxxxxxxxx
Cc: ietf-pkix@xxxxxxx
Subject: Re: A PKI Question: PKCS11-> PKCS12
The purpose of storing a private key in a smart card is exactly that: "to
jail it". By being able to move the private key to another device you run
the risk of a malicious user having a copy of your private key and using
that private key to impersonate you. The reason to have a smart card is to
provide a secure means to transport, store and use your private key for
authentication and/or encryption. A smart card user may have a legitimate
"want" to move their key to another smart card, but this would circumvent
the point of the smart card. The purpose is not to just be able to
transport the key, otherwise everyone would use 3.5" floppies.
Hope this answered your question.
-Jim
"RAGHAVENDRAN H. (SSG) - CTD, Chennai." <raghavh@xxxxxxxxxxxxxxx>
@mail.imc.org on 11/27/2001 11:17:19 AM
Sent by: owner-ietf-pkix@xxxxxxxxxxxx
To: ietf-pkix@xxxxxxx
cc:
Subject: A PKI Question: PKCS11-> PKCS12
Hi List:
Sorry this may be off the list, but I thought this is the best "PKI" place
to ask this question :-)
Myself and my friend had a discussion in which he says that when I put a
private key/certificate pair into a smart card device (such as GPK 4000),
it is impossible to read the information and create a PKCS12 file (disk
based) out of it.
I find it mighty strange. For example, I might want to swap my
certificate/key pair from one smart card to another and I might want to do
it via the PKCS12 format.
Can anybody say whether this is possible or not?
Some of my friends say that it "may be" possible to export only the
certificate and not the private key associated with it. I don't see sense
in any of this argument.
In fact, what is the point in jailing the private key for life in a single
smart card? This argument is totally contrary to logical thinking.
Pls. guys, I'd be grateful if you could answer this question.
Regards,
Raghav