[xmlsec] Web form signing

Aleksey Sanin aleksey@aleksey.com
Thu, 09 Jan 2003 00:49:25 -0800


First of all, tt's well known but worth repeating: where is no 
"unbreakable"
systems. It's only a matter of price, resources and time.

It's not necessary that software has access to the private key. You 
might have
smart card that stores private key (and simply has no api "export 
private key").
Plus an ability to do RSA or DSA signature *on the smart card*. In this 
case,
private key never leaves smart card (except a case when someone steals 
it and
uses a very expensive hardware to "slice" smart card chip). In the 
described case,
additional software simply calls a smart card function "RSA sign" given 
data
using key with name XXX. There are a lot of different solutions 
available on
the market (www.google.com). The price and features vary and you might 
easily
find what you need.

Other options include "trusted" software (i.e. you read the sources, 
sign compiled
binaries as well as the startup environment including all system 
libraries, etc. and
always check that nobody modified all this stuff before giving up 
private key).
It is very difficult (imho, impossible) to make this absolutelly 
unbreakable (> a couple
weeks of a good engineer work) on Intel (w/o additional hardware like 
smart cards).
Thought, there are some platforms there it might be done but it's 
basically the same
trick with some sort of special hardware available on such platforms.

Aleksey