Depends on the card of course, but in general the answer is yes. It is
trivial to extract the private key and the certificate from the PKCS#12, but
formatting the key to the card format may be hard, since typically the card
vendor's specification is not very detailed.

We have implemented private key import for SetCOS 3.4, SetCOS 4.3, MioCOS 1,
Gemplus GPK 8K, and Schlumberger 8K cards.

For some cards, the key has to be formatted properly (e.g. there are some
restrictions on the modulus of the RSA exponent).

All the cards want the key to be fed in in different proprietary formats:

SetCOS accepts the key in CRT (Chinese Remainder Theorem) format,
but also accepts another proprietary format.

MioCOS uses a BER-encoded blob of the RSA numbers.

Schlumberger has IMO the hardest way of importing. It needs big numbers in
CRT format. Also you have to calculate Montgomery constants, which the card
uses internally. The Schlumberger Cryptoflex 8k card also requires that you
allocate the space for all the keys you are going to need before you create
a single key, which makes dynamic card updates a bit trickier.

Gemplus GPK also uses CRT format, but only accepts the key in the protected
mode. (The traffic between the host and the card needs to be encrypted.) The
big numbers are given to it in the LSB byte order.
Hope this helps,
Vesa
---
Vesa Suontama <[EMAIL PROTECTED]> Tel: +358-40-700 0131
Fax: +358-9-8565 7151
SSH Communications Security Corp Fredrikinkatu 42
http://www.ssh.com FIN-00100 Helsinki, Finland
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of David Corcoran
> Sent: Thursday, March 14, 2002 4:30 PM
> To: [EMAIL PROTECTED]
> Subject: MUSCLE PKCS-12
>
>
> From: "cch" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Off Topic: Import PKCS12 key into an RSA card
> Date: Thu, 14 Mar 2002 16:56:27 +0800
>
> Hi,
>
> Sorry for the off topic issue.
>
> Can a PKCS#12 key/cert file be imported into an RSA card, so that
> the private key can be used as if it was generated in the card. I think
> this question is equivalent to "can a private key be written/added into
> an RSA card"?
>
> Loren
>
> ***************************************************************
> Unix Smart Card Developers - M.U.S.C.L.E.
> (Movement for the Use of Smart Cards in a Linux Environment)
> http://www.linuxnet.com/
> To unsubscribe send an email to [EMAIL PROTECTED] with
> unsubscribe sclinux
> ***************************************************************
>
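
The reply above names three host-side steps before a key can be written to a card: putting the RSA key into CRT form, computing Montgomery constants, and emitting the big numbers in the byte order the card wants. The sketch below is an added example, not code from this thread or from any vendor: the field order, the field widths and the choice of R^2 mod m as the Montgomery constant are assumptions, since each card's real layout comes from its vendor specification.

```python
# Added example. Toy primes are constructed for illustration; a real key's
# p, q and e would come from the private key extracted from the PKCS#12.

def crt_components(p, q, e):
    """Return the five CRT values (p, q, dP, dQ, qInv) of an RSA key."""
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return {"p": p, "q": q,
            "dP": d % (p - 1),           # d mod (p-1)
            "dQ": d % (q - 1),           # d mod (q-1)
            "qInv": pow(q, -1, p)}       # q^-1 mod p

def crt_private_op(c, k):
    """RSA private operation from the CRT values only (Garner's formula)."""
    m1 = pow(c % k["p"], k["dP"], k["p"])
    m2 = pow(c % k["q"], k["dQ"], k["q"])
    h = (k["qInv"] * (m1 - m2)) % k["p"]
    return m2 + h * k["q"]

def to_card_bytes(value, length, lsb_first):
    """Fixed-width big number; lsb_first=True is LSB byte order."""
    if value < 0 or value >= 1 << (8 * length):
        raise ValueError("value does not fit the field")
    return value.to_bytes(length, "little" if lsb_first else "big")

def montgomery_r2(modulus, length):
    """Textbook Montgomery constant R^2 mod m, with R = 2^(8*length)."""
    if modulus % 2 == 0:
        raise ValueError("Montgomery arithmetic needs an odd modulus")
    return pow(1 << (8 * length), 2, modulus)

FIELD_ORDER = ("p", "q", "qInv", "dP", "dQ")  # assumption, not a vendor format

def serialize_crt(k, half_len, lsb_first):
    """Concatenate the fields in FIELD_ORDER (hypothetical layout)."""
    return b"".join(to_card_bytes(k[n], half_len, lsb_first) for n in FIELD_ORDER)

if __name__ == "__main__":
    key = crt_components(p=61, q=53, e=17)
    c = pow(65, 17, key["p"] * key["q"])
    assert crt_private_op(c, key) == 65      # the CRT form round-trips
    print(serialize_crt(key, 2, lsb_first=True).hex())
    print(montgomery_r2(key["p"], 2))
```

Checking that the CRT private operation inverts a public-key operation before serializing catches a mis-derived component on the host, before anything is written to the card.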