Re: Smart cards and use the private key
Date: 01/13/05

Date: 13 Jan 2005 11:49:40 -0800

jordics wrote:

> If I'm not wrong I have to store a certificate in the Smart Card which
> will contain my keypair and the other information desired.

AWL talked about this, I won't re-iterate.

> After
> that I'll have to use the private key to encrypt the messages and the
> other one to be given to the partners in order to be able to read my
> encrypted messages.

The *public* key is used to encrypt the message. The private key is used
to decrypt a message. More specifically, a symmetric key is usually
(always) generated and used to encrypt a message; the symmetric key in
turn is encrypted under the public key.

> If I'm not wrong the private key cannot be
> retrieved from the smart card for security reasons, isn't it? Thus,
> if this is true, the card will have to do the encryption. How do I
> have to "order" the smartcard in my reader to do it?

O.k., so look at PKCS#11, which I think is the de-facto standard
nowadays for crypto on smart cards. PKCS#11 is an interface that lets
you send "orders" to your smart card. What you will typically do to
encrypt a message is "order" your smart card to find the public key you
want to use and return a handle, then "order" your smart card to
encrypt the message with that key. Similarly, you can have your smart
card decrypt a message without it ever sending you the private key (it
is done in the smart card).

You can export the private key if it is exportable.

OpenCryptoki is an example of an open-source library that implements
PKCS#11; it also provides a software token, so you don't need to have a
physical smart card reader to practice using it.

MSCAPI is an interface to crypto libraries on Windows, it is
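The hybrid scheme the reply describes (a fresh symmetric key encrypts the message, the recipient's public key wraps that symmetric key, and only the private-key holder can unwrap it) as an added example, not code from the thread or from any PKCS#11 library. It uses only the Go standard library and does not talk to a real card; the `SoftToken` type is a hypothetical stand-in for the smart card that holds the private key and exposes only a `Decrypt` operation, so the caller gets a plaintext back without ever seeing the key bytes. `Envelope`, `Seal` and `Open` are names chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the sender hands to the recipient: the message encrypted
// under a one-time AES-256-GCM key, plus that key wrapped with RSA-OAEP under
// the recipient's public key. Only the wrapped key needs the private key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(recipientPub, aesKey)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM(aesKey, nonce, message) including the auth tag
}

// SoftToken is a hypothetical software stand-in for the smart card: it owns
// the private key and only ever returns decryption results, never the key.
type SoftToken struct {
	priv *rsa.PrivateKey
}

func NewSoftToken(bits int) (*SoftToken, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &SoftToken{priv: priv}, nil
}

// PublicKey is the half the card owner gives to partners.
func (t *SoftToken) PublicKey() *rsa.PublicKey { return &t.priv.PublicKey }

// Decrypt unwraps a symmetric key inside the "card" boundary; the RSA
// private key is used here and nowhere else.
func (t *SoftToken) Decrypt(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, t.priv, wrapped, nil)
}

// Seal is the sender side: generate a random AES key, encrypt the message
// with it, then wrap the AES key under the recipient's public key.
func Seal(pub *rsa.PublicKey, message []byte) (*Envelope, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, message, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is the recipient side: ask the token to unwrap the AES key, then do
// the bulk decryption on the host. A wrong token or a tampered envelope
// fails closed with an error instead of yielding garbage.
func Open(tok *SoftToken, env *Envelope) ([]byte, error) {
	key, err := tok.Decrypt(env.WrappedKey)
	if err != nil {
		return nil, errors.New("token could not unwrap key: wrong private key")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("authentication failed: envelope was modified")
	}
	return pt, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	tok, _ := NewSoftToken(2048)
	env, _ := Seal(tok.PublicKey(), []byte("constructed sample message"))
	pt, err := Open(tok, env)
	fmt.Printf("%q %v\n", pt, err)
}
```

With a real card, `SoftToken.Decrypt` is the step that becomes a PKCS#11 call (find the private-key object, get a handle, ask the token to decrypt); everything else in `Seal` and `Open` stays on the host, which is why the card only ever needs to process the short wrapped key and not the whole message.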