Reputation: 197
I want to send the public key of the private-public key pair (RSA 1024) generated in my applet to the host application/terminal. So far I have done this by sending the modulus and exponent to the terminal. But is it possible to send this public key in a certificate format? If yes, then how?
Upvotes: 2
Views: 999
Reputation: 94058
Possible, yes, but it would mean that you would have to implement a minimal Certificate Authority (CA) within your smart card.
And if this certificate is not self-signed, then you need to generate or import the private key of the CA as well. Furthermore, smart cards are often pretty restricted. For instance, to put an effective/expiry date in the smart card you need a clock. If the clock is not available, then you need a trusted time source. If you have a trusted time source on a trusted system, you might as well create the CA on that trusted system.
I won't get into the issues of memory management, the implementation of an on-card ASN.1 library, the issue that the certificate won't fit in a normal APDU, etc. Those are just the details.
So generally the number of operations performed on a smart card is relatively limited. Implementation of a full CA is probably not what you want in such a constrained environment. What you can do, however, is create a PKCS#10-compatible certificate request on the smart card and send it to a CA. Even that will be quite a bit of work, though.
Upvotes: 3
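Added example, not part of the question or answer above: the ASN.1 work can stay on the host. This Python sketch takes the modulus and exponent the applet already returns and wraps them in a DER SubjectPublicKeyInfo, the public-key structure that an X.509 certificate or PKCS#10 request carries. Nothing is signed here, so the output is not a certificate; the raw big-endian input format and the sample modulus are assumptions constructed for illustration.

```python
import base64

# DER for AlgorithmIdentifier { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, value):
    return bytes([tag]) + der_len(len(value)) + value

def der_uint(raw):
    """INTEGER from unsigned big-endian bytes, as a card typically returns them."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:            # top bit set: prepend 0x00 so it stays positive
        raw = b"\x00" + raw
    return der_tlv(0x02, raw)

def rsa_spki(modulus, exponent):
    """SubjectPublicKeyInfo wrapping RSAPublicKey { modulus, publicExponent }."""
    if not modulus.strip(b"\x00") or not exponent.strip(b"\x00"):
        raise ValueError("modulus and exponent must be non-zero")
    rsa_public_key = der_tlv(0x30, der_uint(modulus) + der_uint(exponent))
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key)   # 0 unused bits
    return der_tlv(0x30, RSA_ALG_ID + bit_string)

def to_pem(spki):
    b64 = base64.b64encode(spki).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines, "-----END PUBLIC KEY-----"])

# Constructed sample: 128 bytes shaped like a 1024-bit modulus (not a real key).
SAMPLE_MODULUS = b"\xc3" + bytes(126) + b"\x01"
SAMPLE_EXPONENT = b"\x01\x00\x01"

if __name__ == "__main__":
    spki = rsa_spki(SAMPLE_MODULUS, SAMPLE_EXPONENT)
    print(len(spki), "bytes")
    print(to_pem(spki))
```

The resulting structure can be handed to a CA tool on the trusted system, which then adds the subject, validity dates and signature that the card cannot easily produce.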