Smartcard Support, open system security, law,( certificate sig removed)

Mark Kirchner
Mon Aug 25 01:45:02 2003


On Sunday, August 24, 2003, 11:19:28 PM, thomas wrote:
>> > If your private key is on the card and you loose the card, then you
>> > cannot issue a revocation, since you need the private key.
>> Only if you haven't created a revocation certificate - before you lost
>> the card / private key. (Well, I don't know for sure, but I guess that
>> revocation certs exist for smartcards also.) Creating one should be a
>> must-do when you set up a smartcard (also for "normal" keypairs...)
> So everybody needs a safely stored root certificate card
> AND a mobile certificate smartcard...?

Hmm, maybe I'm misunderstanding you, but a revocation certificate is
not some kind of root-key and also it (probably) isn't stored on a
smartcard, no need to do that. So, just one card.

> otherwise the system organisation would require a central issuer,
> we do not want, do we?

The revocation certificate is created using your own, private key (the
same one that is / will be stored on your card). It definitely needs
to be protected and safely stored, because everybody who's got it can
revoke your public key.
But in no case a central issuer is required.

Mark Kirchner

Key (0x19DC86D3) available: