Hi Dominique and all,
> has anyone implemented the KeyImportCardService interface ?
IBM has implemented the KeyImportCardService interface for their
Multi-Function Cards (MFCs). Their implementing class
MFCKeyImportService comes as part of the export-restricted
packages available for download from the OCF website.
I'm not aware of other implementations but would be interested
to hear of them.
> I can't see how to
> implement the importAndValidatePrivateKey method, since I don't know what means
> the validation of a private key.
To establish trust in the incoming private key, the smartcard
uses a public key on the card to verify a signature computed over
the private key to be imported. (Presumably the private signing
key is already trusted, e.g. because it's part of a keypair
generated on the card.) The parameters of
importAndValidatePrivateKey() allow specification of:
* the destination card storage location for the private key (iff
the validation succeeds)
* the private key to be imported
* the signature value
* the card storage location of the public key to be used for
verifying the signature
I'm not certain of the interpretation of the keyInfo parameter.
My assumption is that it should correspond to the value of
key.getEncoded(), and further that the signature is computed over
keyInfo.
Regards
-Lewis
Visit the OpenCard Framework's WWW site at http://www.opencard.org/ for
access to documentation, code, presentations, and OCF announcements.
-----------------------------------------------------------------------------
To unsubscribe from the OCF Mailing list, send a mail to
"[EMAIL PROTECTED]" with the word "unsubscribe" in the BODY of the
message.
