"Trei, Peter" <[EMAIL PROTECTED]> writes: >One other scheme I've seen, and which, while it doesn't give me warm fuzzies, >seems reasonable, is to issue the the enduser a smartcard with a keypair on >it. The SC generates the pair onboard, and exports only the public half. The >private half never leaves the SC (there is no function on the card to export >it). > >If you trust the above, then the only copy of the private key is on the SC, >despite it having been generated without the end users participation.
This also causes problems, because it's really, really hard to spread the key around if the only copy is on the card. Solutions I've seen are to multiplex a single card + reader across multiple machines, or (more commonly) to generate the key in software and then load it onto the card, with copies kept active on the host PC. This combines the benefits of smart card security and the flexibility of software crypto keys which can be copied and distributed as required. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
