Re: smart card private key

alessiobiancheri@xxxxxxxxx wrote on 17/01/2008 10:52:
Hi everybody,
I would like to retrieve private key information from a smart card
using pkcs11 functions.
Now, is it possible to retrieve information about the private key and
fill a PRIVATEKEYBLOB structure? Is it the right thing to do to insert
the private key in the system keystore?

- a PRIVATEKEYBLOB is not a PKCS#11 structure (but a CSP one)
- a private key is exportable only if its CKA_EXTRACTABLE attribute is set (and CKA_NEVER_EXTRACTABLE is not set)
- inserting a smartcard private key into a system keystore is nonsense (the cert associated with the key shall be present in the cert store to allow an application to use the right CSP, but the key stays in the smartcard - also note that this is required to use the key pair with a CSP interface; a PKCS#11-based application has nothing to do with the user/system store).
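
The attribute rule from the reply above, as an added example that is not part of the original message: it reads CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE through a function with the same parameter list as C_GetAttributeValue and fails closed when the query fails. The helper `key_export_policy`, the `mock_get` token and its key handles are hypothetical and constructed for illustration; the type and constant definitions are a reduced copy of what a vendor's pkcs11.h provides.

```c
#include <stdio.h>

/* Minimal subset of the PKCS#11 header so this compiles alone (assumption:
   real code includes the vendor's pkcs11.h instead). */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKR_OK                    0x00UL
#define CKR_OBJECT_HANDLE_INVALID 0x82UL
#define CKA_EXTRACTABLE           0x162UL
#define CKA_NEVER_EXTRACTABLE     0x164UL

/* Same parameter list as C_GetAttributeValue. */
typedef CK_RV (*get_attr_fn)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
                             CK_ATTRIBUTE *, CK_ULONG);

enum key_policy { KEY_STAYS_ON_TOKEN, KEY_EXPORTABLE, KEY_QUERY_FAILED };

/* Hypothetical helper: apply the rule from the reply to one private key. */
enum key_policy key_export_policy(get_attr_fn get, CK_SESSION_HANDLE s,
                                  CK_OBJECT_HANDLE key)
{
    CK_BBOOL extractable = 0, never = 1;   /* defaults fail closed */
    CK_ATTRIBUTE t[] = {
        { CKA_EXTRACTABLE,       &extractable, sizeof extractable },
        { CKA_NEVER_EXTRACTABLE, &never,       sizeof never },
    };
    if (get(s, key, t, 2) != CKR_OK)
        return KEY_QUERY_FAILED;           /* unknown is not "exportable" */
    return (extractable && !never) ? KEY_EXPORTABLE : KEY_STAYS_ON_TOKEN;
}

/* Constructed stand-in for a token: handle 1 is a card-generated key,
   handle 2 is a key that was imported as extractable. */
CK_RV mock_get(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE h, CK_ATTRIBUTE *t, CK_ULONG n)
{
    (void)s;
    if (h != 1 && h != 2) return CKR_OBJECT_HANDLE_INVALID;
    for (CK_ULONG i = 0; i < n; i++)
        *(CK_BBOOL *)t[i].pValue =
            (t[i].type == CKA_EXTRACTABLE) ? (h == 2) : (h == 1);
    return CKR_OK;
}

int main(void)
{
    for (CK_OBJECT_HANDLE h = 1; h <= 3; h++)
        printf("key %lu -> policy %d\n", h, key_export_policy(mock_get, 0, h));
    return 0;
}
```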