philipWendland / IsoApplet

A Java Card PKI Applet aiming to be ISO 7816 compliant
GNU General Public License v3.0

Extracting RSA or ECDSA Public Key from card #13

Closed (thotheolh closed 7 years ago)

thotheolh commented 7 years ago

I noticed that there is no APDU command specifically meant to extract a particular Public Key from the card except during the private key generation procedure. One alternative would probably be to store the public key into the ISO filesystem after key generation, but this would be a problem if different programs need to use a shared private key. One use case is that an email signing program would generate the keypair, but this private key would also be used for a secure remote login program. The lack of ability to read the public key with a dedicated APDU command would mean that programs would need to traverse the entire filesystem or need to know the format of the public key stored into the ISO filesystem to be able to use the key in the card.

I hope consideration can be given to creating a dedicated GET_PUBLIC_KEY command for this purpose, to allow all programs relying on IsoApplet to access the public keys in a uniform manner.

philipWendland commented 7 years ago

Hi, the public key is being written into the file system according to the PKCS#15 standard during/after the key generation by OpenSC. So there is no need to traverse the complete file system. See PKCS#15 and let me know if you have further questions.