Re: smart card private key



alessiobiancheri@xxxxxxxxx wrote on 17/01/2008 10:52:
Hi everybody,
I would like to retrieve private key information from a smart card
using pkcs11 functions.
[...]
Now, is it possible to retrieve information about the private key and
fill a PRIVATEKEYBLOB structure? Is it the right thing to do to insert
the private key into the system keystore?

- a PRIVATEKEYBLOB is not a PKCS#11 structure (but a CSP one)
- a private key is exportable only if its CKA_EXTRACTABLE attribute is set (and CKA_NEVER_EXTRACTABLE not set)
- inserting a smartcard private key into a system keystore is nonsense (the cert associated with the key shall be present in the cert store to allow an application to use the right CSP, but the key stays in the smartcard - also note that this is required to use the key-pair with a CSP interface; a PKCS#11-based application has nothing to do with the user/system store).

Sylvain.
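
Added example, not part of the original post: a check of whether a private key object can leave the token, read from its CKA_EXTRACTABLE attribute as described in the reply above. Assumptions: `classify_key` and `fake_get_attr` are hypothetical names, the PKCS#11 types are a minimal inline subset so no vendor header is needed, the stub stands in for a real token's C_GetAttributeValue, and CKA_SENSITIVE (not mentioned in the thread) is also queried.

```c
#include <stdio.h>

/* Minimal subset of the PKCS#11 C types and constants, declared inline so the
 * example builds without a vendor pkcs11.h; values are those of the standard. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKR_OK          0UL
#define CKA_SENSITIVE   0x103UL
#define CKA_EXTRACTABLE 0x162UL
/* Same signature as C_GetAttributeValue, passed in so a stub can replace it. */
typedef CK_RV (*get_attr_fn)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE *, CK_ULONG);

enum key_exposure { KEY_STAYS_ON_CARD, KEY_WRAP_ONLY, KEY_READABLE, KEY_UNKNOWN };

/* Hypothetical helper: classify how a private key object may leave the token. */
enum key_exposure classify_key(get_attr_fn get, CK_SESSION_HANDLE s, CK_OBJECT_HANDLE k)
{
    CK_BBOOL extractable = 0, sensitive = 1;
    CK_ATTRIBUTE t[] = {
        { CKA_EXTRACTABLE, &extractable, sizeof extractable },
        { CKA_SENSITIVE,   &sensitive,   sizeof sensitive   },
    };
    if (get(s, k, t, 2) != CKR_OK)
        return KEY_UNKNOWN;            /* fail closed: do not assume exportable */
    if (!extractable)
        return KEY_STAYS_ON_CARD;      /* the token refuses C_WrapKey for this key */
    return sensitive ? KEY_WRAP_ONLY : KEY_READABLE;
}

/* Constructed stand-in for a token: handle 1 = typical card key, 2 = fully
 * exportable key, 3 = wrap-only key; any other handle is invalid. */
CK_RV fake_get_attr(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE k, CK_ATTRIBUTE *t, CK_ULONG n)
{
    (void)s;
    if (k < 1 || k > 3) return 0x82UL; /* CKR_OBJECT_HANDLE_INVALID */
    for (CK_ULONG i = 0; i < n; i++)
        *(CK_BBOOL *)t[i].pValue = (t[i].type == CKA_EXTRACTABLE) ? (k != 1) : (k != 2);
    return CKR_OK;
}

int main(void)
{
    static const char *name[] = { "stays on card", "wrapped export only",
                                  "plaintext readable", "unknown" };
    for (CK_OBJECT_HANDLE k = 1; k <= 4; k++)
        printf("key %lu: %s\n", k, name[classify_key(fake_get_attr, 0, k)]);
    return 0;
}
```

Against a real token, pass the module's C_GetAttributeValue and a logged-in session in place of the stub.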