Tuesday, September 25, 2001 04:32 AM
When it comes to security services (cryptography, PIN management), a strong degree of confidentiality is required.
For example, a secure applet will almost never allow an RSA private key to be extracted, except under very specific circumstances and with very strong security measures.
In other words, an applet will internally generate an RSA key pair, make the public key available to the outside world, and keep the private key to itself.
When a digital signature is requested, the applet will not divulge the private key. Rather, the CAD will send the data to sign, and the applet will internally compute the digital signature and return it.
That way, the sensitive data (private key) is always kept secret and never revealed to the outside world.
It was just an example for an RSA digital signature, but there are many more applications. In each case, the common denominator is SECURITY.
When it comes to confidential data (PINs & cryptographic keys), the data won't be readable, but the applet will provide the necessary commands to use it without revealing it.
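The pattern described above, sketched as a Java Card applet. This is an added example, not part of the original post; the class name `SignerApplet` and the two INS codes are assumptions chosen for illustration.

```java
import javacard.framework.*;
import javacard.security.*;

// Hypothetical applet: class name and INS codes are illustrative assumptions.
public class SignerApplet extends Applet {
    private static final byte INS_GET_MODULUS = (byte) 0x10; // assumed INS value
    private static final byte INS_SIGN        = (byte) 0x20; // assumed INS value

    private final KeyPair keyPair;
    private final Signature signer;
    private final byte[] scratch; // transient RAM buffer holding the signature

    private SignerApplet() {
        // The key pair is generated on the card; the private half never leaves it.
        keyPair = new KeyPair(KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_1024);
        keyPair.genKeyPair();
        signer = Signature.getInstance(Signature.ALG_RSA_SHA_PKCS1, false);
        // 1024-bit RSA produces a 128-byte signature.
        scratch = JCSystem.makeTransientByteArray((short) 128, JCSystem.CLEAR_ON_DESELECT);
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new SignerApplet().register();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) return;
        byte[] buf = apdu.getBuffer();
        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_GET_MODULUS: {
            // Public data only. The exponent can be exported the same way
            // with RSAPublicKey.getExponent().
            short len = ((RSAPublicKey) keyPair.getPublic()).getModulus(buf, (short) 0);
            apdu.setOutgoingAndSend((short) 0, len);
            break;
        }
        case INS_SIGN: {
            // The CAD sends the data; the signature is computed inside the card.
            short inLen = apdu.setIncomingAndReceive();
            signer.init(keyPair.getPrivate(), Signature.MODE_SIGN);
            short sigLen = signer.sign(buf, ISO7816.OFFSET_CDATA, inLen, scratch, (short) 0);
            Util.arrayCopyNonAtomic(scratch, (short) 0, buf, (short) 0, sigLen);
            apdu.setOutgoingAndSend((short) 0, sigLen);
            break;
        }
        default:
            // Deliberately no command that returns the private key.
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

The private key object is only ever passed to `Signature.init()` inside the applet, so the command set gives the host a way to use the key but no way to read it.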