
RE: A PKI Question: PKCS11-> PKCS12



Hi there,

I have tested numerous different smart cards/USB tokens and software
combinations and have not seen one that offers a p12 export facility. The
purpose of having a smart card is to be able to securely store the private
key; if it can be exported from the smart card/token then it isn't really
secure.

Richard Culshaw

-----Original Message-----
From: RAGHAVENDRAN H. (SSG) - CTD, Chennai.
[mailto:raghavh@xxxxxxxxxxxxxxx]
Sent: Wednesday, 28 November 2001 3:17 AM
To: ietf-pkix@xxxxxxx
Subject: A PKI Question: PKCS11-> PKCS12



Hi List:

Sorry this may be off the list, but I thought this is the best "PKI" place
to ask this question :-)

My friend and I had a discussion in which he says that when I put a
private key/certificate pair into a smart card device (such as GPK 4000), it
is impossible to read the information and create a PKCS12 file (disk based)
out of it. 

I find it mighty strange. For example, I might want to swap my
certificate/key pair from one smart card to another and I might want to do
it via the PKCS12 format. 

Can anybody say whether this is possible or not?

Some of my friends say that it "may be" possible to export only the
Certificate and not the private key associated with it. I don't see sense
in any of this argument.

In fact, what is the point in jailing the private key for life in a single
smart card? This argument is totally contrary to logical thinking.

Pls. guys, I'd be grateful if you could answer this question.

Regards,
Raghav