Re: Smart cards and use the private key

astiglic_at_okiok.com
Date: 01/13/05


Date: 13 Jan 2005 11:49:40 -0800


jordics wrote:

> If I'm not wrong I have to store a certificate in the Smart Card which
> will contain my keypair and the other information desired.

AWL talked about this, I won't re-iterate.

> After
> that I'll have to use the private key to encrypt the messages and the
> other one to be given to the partners in order to be able to read my
> encrypted messages.

The *public* key is used to encrypt the message. The private key is used
to decrypt a message. More specifically, a symmetric key is usually
(always) generated and used to encrypt a message; the symmetric key in
turn is encrypted under the public key.

> If I'm not wrong the private key cannot be
> retrieved from the smart card for security reasons, isn't it? Thus,
> if this is true, the card will have to do the encryption. How do I
> have to "order" the smartcard in my reader to do it.

O.k., so look at PKCS#11 which I think is the de-facto standard
nowadays for crypto on smart cards. PKCS#11 is an interface that lets
you send "orders" to your smart card. What you will typically do to
encrypt a message is "order" your smart card to find the public key you
want to use and return a handle, then "order" your smart card to
encrypt the message with that key. Similarly, you can have your smart
card decrypt a message without it ever sending you the private key (it
is done in the smart card).

You can export the private key if it is exportable.

OpenCryptoki is an example of an open-source library that implements
PKCS#11; it also provides a software token, so you don't need to have a
physical smart card reader to practice using it.

MSCAPI is an interface to crypto libraries on Windows; it is
different.

--Anton
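
The find-a-handle-then-operate flow and the hybrid scheme described in the reply above, as an added example that is not part of the original post: a standard-library Python model, not real PKCS#11 calls. `ModelToken`, its methods, the `demo` label and the key material are hypothetical and constructed; unpadded RSA and the hash keystream stand in for the padded RSA and symmetric mechanisms a real token offers.

```python
import hashlib, secrets

# Constructed demo primes (both Mersenne primes); far too small for real keys.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537

class ModelToken:
    """Stand-in for a card: the host sees only integer handles, never 'd'."""
    def __init__(self, extractable=False):
        n, d = P * Q, pow(E, -1, (P - 1) * (Q - 1))
        self._objs = {
            1: {"class": "public", "label": "demo", "n": n, "exp": E},
            2: {"class": "private", "label": "demo", "n": n, "exp": d,
                "extractable": extractable},
        }

    def find_object(self, cls, label):
        """Search by attributes and return a handle (the 'find' order)."""
        for handle, obj in self._objs.items():
            if (obj["class"], obj["label"]) == (cls, label):
                return handle
        raise LookupError("no matching object on token")

    def rsa(self, handle, value):
        """Run the key operation inside the token. Unpadded RSA, model only."""
        obj = self._objs[handle]
        return pow(value, obj["exp"], obj["n"])

    def export_private(self, handle):
        """Release the private exponent only if the key is marked extractable."""
        obj = self._objs[handle]
        if obj["class"] != "private" or not obj["extractable"]:
            raise PermissionError("key is not extractable")
        return obj["exp"]

def keystream_xor(key, data):
    """Toy SHA-256 counter-mode stream, standing in for a real symmetric cipher."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(token, label, message):
    """Sender: fresh symmetric key encrypts the message, public key wraps that key."""
    key = secrets.token_bytes(16)
    pub = token.find_object("public", label)
    return token.rsa(pub, int.from_bytes(key, "big")), keystream_xor(key, message)

def open_sealed(token, label, wrapped, body):
    """Recipient: the token unwraps the symmetric key; 'd' stays inside it."""
    priv = token.find_object("private", label)
    key = token.rsa(priv, wrapped).to_bytes(16, "big")
    return keystream_xor(key, body)
```
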


