Monday, January 7, 2002 12:45 AM
Hi Scott, here are some answers for you.
Any data that has to be processed by the card (i.e. by an application running on the card) must be sent to the card using APDUs. Please refer to the Java Card specs and the FAQ if you feel incomfortable with APDUs.
As far as signatures are concerned, it's pretty much the same story. The data to sign has to be sent by the terminal to the card, using one or more APDUs. Once the signature has been performed, the card will return the signature to the terminal.
For sample code (and lots of info), I would really recommend the Java Card book mentioned in the FAQ. It's really great for beginners.
Finally, keys are objects: when a key is generated, its components will be stored as byte arrays inside the relevant type of Java Card object (RSAPrivateKey, RSAPublicKey, etc). Each component can then be fetched or modified, using the get/set methods.
Hope this helps.