Public Key Infrastructure (PKI) applet

The public key infrastructure applet provides services based on digital certificates. In this applet, at least three key pairs with different uses can be defined for the user. The current uses specified for these key pairs are:
- Authentication key pair
- Digital signature key pair
- Encryption key pair
This applet provides both the ability to generate these key pairs directly on the card and to inject them from outside in DER format. Access to the keys is protected with a PIN.

The Sepid PKI application is a PKI (Public Key Infrastructure) compatible applet that provides services based on digital certificates. In this applet, at least three key pairs (RSA, up to 2048 bits long) with different uses can be defined for the user. The current uses specified for these key pairs are:

  • Authentication key pair
  • Digital signature key pair
  • Encryption key pair

This applet supports both generating these key pairs directly on the card and injecting them from outside in DER format. Access to the keys is protected with a PIN. In addition, access control based on match-on-card (MOC) biometrics has been implemented and can be applied. For each public key corresponding to these key pairs, a separate X.509 certificate can be obtained from the certificate authority and loaded onto the card. These certificates are stored and protected in a data structure specific to this applet.

The combination of these keys and their corresponding certificates can provide a wide variety of services. For example, the applet can be used to authenticate a user for access to the organization's services with a high level of security, using protocols based on asymmetric cryptography and digital certificates. A cardholder can also use the card to digitally sign documents and information in the organization's administrative automation system.

Technical specifications of the PKI applet

  • Technology: Java applet
  • Platform:
    • JCDK 2.1.2 and above
    • Global Platform 2.1.1 and above
  • Memory size required for loading and installation: 6 KB
  • The amount of memory required to load data: at least 10 KB. The maximum memory required depends on the customer's needs and the number of pairs of keys and digital certificates on the card.
  • Key minimum card requirements:
    • Support for the RSA asymmetric encryption algorithm up to 2048 bits long
    • Support for on-card RSA key pair generation
    • Support for the SHA-256 hash function