My educated-layman's opinion is that the following is not feasible, but I'd be happy to be shown wrong ...
Given a closed public-key device such as a typical smart card with its limited set of operations (chiefly "sign"), is it possible to implement a challenge/response function such that
* Both the challenge and the response are short enough for an average user to be willing to type them when needed.
* The challenge can be generated, and the response verified using the cardholder's public key and a reasonable amount of computation.
What's wrong with sending the device encryption of a random number (using the public key of the device), and the device sending back the number as proof of possession of the corresponding secret key?
Best, Amir Herzberg
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
