The SmartCard-HSM was designed as an user-centric device, allowing you full control over your keys.
It works very much like the key ring that holds your keys to open doors - but instead of doors you open computers, websites, encrypted files or protected e-mails.
A SmartCard-HSM stores cryptographic keys, which basically are very large secret numbers. A typical key stored on a SmartCard-HSM has around 600 digits (2^2048 for a 2048 bit RSA key). You can easily imagine that guessing such a large number is very, very difficult. However, copying a 600 digit number is a simple task for a computer, and you don't even realize that is was copied.
That is why it is so important to protect the key on a device where it can not be copied. And this is important for the whole life of the key, from generation to deletion. If at some point in time the key is outside of its protected housing, then you can't be sure that no copies have been taken.
This of course leads to the question how keys can be used if they never leave a SmartCard-HSM ? The answer is simple: All cryptographic operations must be performed inside the SmartCard-HSM. You send the data into the SmartCard-HSM and it returns the result of the cryptographic operation. The beauty of cryptography is, that it is virtually impossible to guess the secret key from data that goes in and out. The only way is brute-force - you need to try all possible keys. Again, imagine that for a key with 600 digits.
But why is it impossible to copy a cryptographic key stored on a SmartCard-HSM ? That is because protecting cryptographic keys is the main (if not only) purpose of the smart card technology used in a SmartCard-HSM. This mechanism is at the heart of any credit card with chip, your national id card or your passport. If it wasn't possible to achive this protection, then these cards wouldn't exist.
But what about the software required to do that ? How can I trust it ? The honest answer is, that to a certain degree you need to trust CardContact, like we have to trust the hardware and operating system vendor for the smart card chip. At least for the hardware and operating system an independent security evaluation has been performed under the Common Criteria scheme for the three chips JCOP 2.4.1r3, JCOP 2.4.2r3 and JCOP 3 we use in our product. This ensures that the security mechanisms are in good shape. Ideally that same security evaluation would be performed for the SmartCard-HSM applet code as well. Unfortunately this is a very expensive process that would drive the cost of a SmartCard-HSM to an unacceptable level. We still have that on the list, but only if it becomes economically feasible.
Once you have your SmartCard-HSM, there are three ways to get started:
- Activate your access to the CardContact Developers Network using the procedure described here. This will provide you with a key on your SmartCard-HSM to log into the CDN.
- Subscribe at the PKI-as-a-Service Portal and create your own CA in the Cloud-PKI.
- Follow the XCA tutorial to setup a certification authority and issue your own certificates.