Smartcard Support, open system security, law,( certificate sig removed)
Mark Kirchner
mail@mark-kirchner.de
Mon Aug 25 01:45:02 2003
Hi,
On Sunday, August 24, 2003, 11:19:28 PM, thomas wrote:
>> > If your private key is on the card and you loose the card, then you
>> > cannot issue a revocation, since you need the private key.
>>
>> Only if you haven't created a revocation certificate - before you lost
>> the card / private key. (Well, I don't know for sure, but I guess that
>> revocation certs exist for smartcards also.) Creating one should be a
>> must-do when you set up a smartcard (also for "normal" keypairs...)
>
> So everybody needs a safely stored root certificate card
> AND a mobile certificate smartcard...?
Hmm, maybe I'm misunderstanding you, but a revocation certificate is
not some kind of root-key and also it (probably) isn't stored on a
smartcard, no need to do that. So, just one card.
> otherwise the system organisation would require a central issuer,
> we do not want, do we?
The revocation certificate is created using your own, private key (the
same one that is / will be stored on your card). It definitely needs
to be protected and safely stored, because everybody who's got it can
revoke your public key.
But in no case a central issuer is required.
Regards,
Mark Kirchner
--
Key (0x19DC86D3) available: http://www.mark-kirchner.de/keys/key-mk.asc