Management of signature keys for government
Dave Howe
DHowe at tecsun.demon.co.uk
Mon, 02 Mar 1998 16:38:09 +0000
<<< Brian Gladman <gladman@seven77.demon.co.uk> 03/02/98 02:19pm >>>
>>I don't know why, but I seem completely unable to see why
>>users can't generate their own keys for use in smart cards,
>>using their own trusted software, and uplink their own trusted
>>copy of the key to the smartcard.
>One issue in the self generation of keys is how to prevent a user
>repudiating their own key by revealing its private component. One advantage
>(in principle) of 'on-card' signature key generation is that no-one - not
>even the owner - knows the value of the secret component of the key since
>this only ever exists on the card. Of course the user can 'lose' the card
>but this is not quite the same as publishing the secret key component.
Hmm. You would need revocation certs (just as PGP does now) in case the
card was stolen. If the user is made responsible for any or all sigs up to the
point he registers the revocation cert with the public key repository....
>There are a number of ways in which a user could be prevented (or at least
>deterred) from revealing their own key but it is not clear (to me at least)
>whether any of these are practical in the real world.
Hmm. How about a two-stage encryption? Each individual card is given a
"pool" key (from a large enough pool that the odds of an individual user being
able to locate a second card with the same key are reasonably low), and the
signature is then countersigned with a second key? That would give both
the manufacturer and the user an irreproducible component.
I don't like the idea, but it would work....
<snip scrutiny>
I agree - particularly that the executable on the card must be capable of
verification, while the key material cannot be read (I assume this is possible).
If nothing else, this should make the process cheaper - if you must load a
bootstrap executable to the card, copy your key with it, then load the
"real" executable and blow the link. If the algorithm is updated, then exactly
the same type of card can be used, but with the updated algorithm applied
(and obviously, a new key calculated).
Sig: __--= Dave =--__