From: Peter Gutmann (pgut001cs.auckland.ac.nz)
Date: Fri Apr 30 2004 - 10:56:35 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Michael Silk" <silkmhushmail.com> writes:

>I think that if the smart card reader (scr) and the client program (cp)
>establish a ssl-type connection then the only opportunity to observe the
>private key, certificate, is by inspecting the memory of cp. However I don't
>believe that this (or any?) smart cards to this ...

I'm not aware of any readers that establish SSL connections (they wouldn't be
much use if they did, because the PC wouldn't be able to take advantage of the
SSL channel). It's the host PC that does this, and once the host PC is
compromised you're toast, smart card or none.

Peter.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]