
Re: A PKI Question: PKCS11-> PKCS12



It's the commercial tokens like LUNA that offer key cloning. Also some of the
crypto co-processor boards like Atalla's, Rainbow, and nCipher as I recall.

----- Original Message -----
From: "Richard Culshaw" <RCulshaw@xxxxxxxxxxxx>
To: "'RAGHAVENDRAN H. (SSG) - CTD, Chennai.'" <raghavh@xxxxxxxxxxxxxxx>;
"Ietf-Pkix (E-mail)" <ietf-pkix@xxxxxxx>
Sent: Tuesday, November 27, 2001 3:27 PM
Subject: RE: A PKI Question: PKCS11-> PKCS12


>
>
> Hi there,
>
> I have tested numerous different smart cards/USB tokens and software
> combinations and have not seen one that offers a p12 export facility. The
> purpose of having a smart card is to be able to securely store the private
> key; if it can be exported from the smart card/token then it isn't really
> secure.
>
> Richard Culshaw
>
> -----Original Message-----
> From: RAGHAVENDRAN H. (SSG) - CTD, Chennai.
> [mailto:raghavh@xxxxxxxxxxxxxxx]
> Sent: Wednesday, 28 November 2001 3:17 AM
> To: ietf-pkix@xxxxxxx
> Subject: A PKI Question: PKCS11-> PKCS12
>
>
>
> Hi List:
>
> Sorry this may be off the list, but I thought this is the best "PKI" place
> to ask this question :-)
>
> Myself and my friend had a discussion in which he says that when I put a
> private key/certificate pair into a smart card device (such as GPK 4000), it
> is impossible to read the information and create a PKCS12 file (disk based)
> out of it.
>
> I find it mighty strange. For example, I might want to swap my
> certificate/key pair from one smart card to another and I might want to do
> it via the PKCS12 format.
>
> Can anybody say whether this is possible or not?
>
> Some of my friends say that it "may be" possible to export only the
> certificate and not the private key associated with it. I don't see sense
> in any of this argument.
>
> In fact, what is the point in jailing the private key for life in a single
> smart card? This argument is totally contrary to logical thinking.
>
> Pls. guys, I'd be grateful if you could answer this question.
>
> Regards,
> Raghav