If I understand the handshaking of TLS/SSL between a host and a client, the client sends a certificate to the host, then performs an RSA encryption operation using the certificate private key on challenge data sent by the host.

If the certificate and private key are located on a USB token/Smart Card, and the private key is marked as "sensitive" or "cannot be exported", then how does the Microsoft Browser perform the private key encryption using CryptoAPI, when the private key cannot be exported? I have searched the CryptoAPI documentation and cannot find any way to do this without using CryptExportKey to obtain the private key.
Ken
__________________________________________________
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
[EMAIL PROTECTED]
http://www.securenetterm.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]