philipWendland / IsoApplet

A Java Card PKI Applet aiming to be ISO 7816 compliant
GNU General Public License v3.0

Allowing key import #10

Closed frankmorgner closed 7 years ago

frankmorgner commented 7 years ago

What's the reason for the key import being disabled by default (https://github.com/philipWendland/IsoApplet/blob/master/src/net/pwendland/javacard/pki/isoapplet/IsoApplet.java#L62)?

philipWendland commented 7 years ago

I discourage its use. I don't think that this is the right way to use a smart card.

From the Wiki:

Private key import

DEF_PRIVATE_KEY_IMPORT_ALLOWED (default: false): Configure whether it is allowed to import usable private keys. If allowed, you can use pkcs15-tool --import-key to import any off-card created private key to your smartcard.

Attention! Importing private keys is not recommended. The key generation process is the weakness of asymmetric cryptography. The data transmission channel to your smartcard is not encrypted. In some circumstances, an attacker could sniff your private key while you import it to your smartcard. An attacker could also read your private key even before it is imported to the smartcard. For that reason I recommend to use the on-card key pair generation feature of the applet. If the key is generated on the card, and never leaves your card (because cryptographic operations using that key are performed directly on the smartcard - that is the reason for smartcards!), chances are lower that the key is compromised. However, there are circumstances that could require you to safely keep a copy of the private key in order to safeguard yourself from locking of the applet or destruction of the card. In this case, you can use the private key import feature, and I presume you know what you are doing.

frankmorgner commented 7 years ago

This should be a choice made by the user.

Personalization is always a critical process whether the key is imported or not. If you're generating the key on the card you still need to make sure that you're not issuing a certificate for another key. If you have those technical and organizational measures in place then you could use them to secure the process for externally generating a key and importing a key to the card.

lucasperin commented 7 years ago

I disagree. I think this option should be done by the card provider/developer. If the user wishes to have a card that allows imported keys and he knows what he is doing, then he should ask for a card for this specific purpose. Allowing the user to have high customization options for a cryptographic card is shooting yourself in the foot. The user generally doesn't know what he is doing and will blame you or your company for providing "insecure" services.

"DEF_PRIVATE_KEY_IMPORT_ALLOWED (default: false)" is the right choice when sharing this applet on github. You can fork it and change it if you must.

philipWendland commented 7 years ago

I agree with @lucasperin. However, I might consider your input @frankmorgner if I find the time to extend the IsoApplet with an SO PIN or similar.