Re: A PKI Question: PKCS11-> PKCS12

[Mitchell Arnone <marnone@xxxxxxxxxxxxxxxxxxxxxx>]

It depends on the Smart Card in use.  Most Smart Cards that meet standards 
like FIPS 140-1 Level 2 will not let you export the private key ever.  This 
is necessary to support non-repudiation.  It makes total sense.

Mitch

At 11:17 AM 11/27/2001, RAGHAVENDRAN H. (SSG) - CTD, Chennai. wrote:

> Hi List:
>
> Sorry this may be off the list, but I thought this is the best "PKI" place
> to ask this question :-)
>
> Myself and my friend had an discussion in which he says that when I put a
> private key/certificate pair into a smart card device (such as GPK 4000), it
> is impossible to read the information and create a PKCS12 file (disk based)
> out of it.
>
> I find it mighty strange. For example, I might want to swap my
> certificate/key pair from one smart card to another and I might want to do
> it via the PKCS12 format.
>
> Can anybody say whether this is possible or not?
>
> Some of my friends say that it "may be" possible to export only the
> Certificate and not the private key associated with it. I don't see sense
> any of this argument.
>
> In fact, what is the point in jailing the private key for life in a single
> smart card? This argument is totally contrary to logical thinking.
>
> Pls. guys, I'd be grateful if you could answer this question.
>
> Regards,
> Raghav

***********************************************************
Mitchell Arnone
Senior Consultant
Technical Consulting Practice, Northeast Region
Schlumberger Network Solutions

marnone@xxxxxxxxxxxxxxxxxxxxxx
www.slb.com/nws

35 Waterview Blvd.
Suite 210
Parsippany, NJ 07054-1200
USA

Phone  +1 410-579-8691
Mobile  +1 443-838-9373