Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: Smart Card
From: Peter Gutmann (pgut001cs.auckland.ac.nz)
Date: Fri Apr 30 2004 - 10:56:35 CDT
"Michael Silk" <silkmhushmail.com> writes:
>I think that if the smart card reader (scr) and the client program (cp)
>establish a ssl-type connection then the only opportunity to observe the
>private key, certificate, is by inspecting the memory of cp. However I don't
>believe that this (or any?) smart cards to this ...
I'm not aware of any readers that establish SSL connections (they wouldn't be
much use if they did, because the PC wouldn't be able to take advantage of the
SSL channel). It's the host PC that does this, and once the host PC is
compromised you're toast, smart card or none.