Hi,

The method described there generates the keypair in your browser and sends the certificate off to the CA to be signed. This is then encrypted into a file (PKCS#12) that you can back up. You then can import this PKCS#12 file (by providing the encryption password) onto the token. So the security of this method is really based upon how secure your desktop is ....

You can choose to just point Mozilla/Firefox off to the PKCS#11 token as well and it will generate the key on the card. Personally, I prefer having a backup for when I upgrade cards or possibly lose it ....

Thanks,
Dave



On May 12, 2005, at 9:35 AM, Karsten Ohme wrote:

One of the most important facts about a smart card is that the private key never leaves the card. It is generated there and stays there. If I request a certificate from Thawte like in the How To:

http://alioth.debian.org/docman/view.php/30111/8/musclecard.howto.txt

What is done there? A key pair is created and my public key is read and I get a certificate? Or is it done at the insecure computer and the result is transmitted?

Bye, Karsten
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle


