A weakness in smart card PKI certification

Smartcards are becoming an integral part of public key infrastructures since they are separate computing devices that can store and utilize private keys without ever revealing them. Since the private keys are generated, stored, and used onboard to sign/decrypt data, smartcards are ideal when in the hands of a trusted private key owner. But, it is well known that nonreputability is only achieved when the private key owner does not expose his or her own private signing key. This implies that a very strong threat model exists in smartcard security: the user is not trusted to keep his or her own private key secret. It is a point in fact that corporations worldwide are concerned with this very problem and are making efforts to ensure that their employees cannot disclose their own signing private keys. An employee that could do so could later repudiate signatures on purchase orders, sales, and other legally binding transactions. A weakness in smart card PKI certification is shown that allows users to spoof the key generation processes on their smartcards and in effect grant them access to the bits of their private keys. A simple countermeasure is given that thwarts the possibility of this attack.