On Thursday, 27 March 2008 15:23:59, Timothy J Miller wrote:
> I should point out that this is bad practice for keys used for data
> encryption, as loss or damage of the card can result in loss of the
> protected data. US DoD, for example, generates the signature keys on
> card, but encryption keys off-card and securely injects them, also
> saving them in a key escrow system. US Federal PIV recommends the
> same to implementers.
>
> So if OpenSC doesn't have this capability, it sorely needs it.

I believe this is a problem of key management, not of accessing the smart card. Thus it should be solved at a higher level - and since we have no real higher level (pkcs#11 interface is pretty low level), the problem must be solved in the application.

Personally I believe in smart cards for authentication purposes only, not for encryption, decryption or signing. But this is my personal preference, nothing more.

Regards,
Andreas

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel