
I have a [root] certificate with its private key stored on a smart card. I want to create another certificate signed with the root, essentially becoming a CA. I found several ways to do something similar; however, all the examples have the root certificate along with the private key stored locally in a *.pfx file or local key store. In my case the root certificate and the private key are on a smart card.

Is there a way to do it on Windows (I am on Windows 10 x64)? If there is no way to do it in Windows, is it possible to do it on Linux? I could not find a way to do it using makecert or a similar tool, but maybe I just did not look hard enough.

Thank you in advance for any suggestions.

Alex Gdalevich
  • If you can suggest a way to do it in .NET/C# that will be great too. I explored the Bouncy Castle API, but could not find how to use a smart card. – Alex Gdalevich Jul 16 '20 at 15:51
  • Your desired certificate is presumably X.509? Smart cards don't typically generate such complicated stuff out of the box. You could of course create a simple signature of the respective data, but then you have to know which data objects to combine, pad, hash and how to construct those data objects and the resulting signature into an X.509 certificate. I share your assumption that Bouncy Castle does not assist in the core computation. – guidot Jul 20 '20 at 10:49
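
An added example, not part of the original question or comments: one way to issue a subordinate CA certificate in C# when the root's private key lives on a smart card, using the framework's `CertificateRequest` class to build and encode the X.509 structure while the signature itself is requested from the root's key handle. It assumes .NET 5 or later on Windows and that the card's certificate is visible in the `CurrentUser\My` store; the thumbprint, subject name and output file name are placeholders.

```csharp
// Added example: the thumbprint, subject name and file name are placeholders.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

const string RootThumbprint = "<ROOT-CERT-THUMBPRINT>"; // placeholder

using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection found = store.Certificates.Find(
    X509FindType.FindByThumbprint, RootThumbprint, validOnly: false);
if (found.Count != 1 || !found[0].HasPrivateKey)
    throw new InvalidOperationException("Root certificate with a usable key not found.");
X509Certificate2 root = found[0];

// The subordinate's key pair is generated in software; the root key never leaves the card.
using RSA childKey = RSA.Create(3072);
var request = new CertificateRequest(
    "CN=Example Subordinate CA", childKey,
    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

// Mark the new certificate as a CA that may sign end-entity certificates only.
request.CertificateExtensions.Add(
    new X509BasicConstraintsExtension(true, true, 0, critical: true));
request.CertificateExtensions.Add(new X509KeyUsageExtension(
    X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, critical: true));
request.CertificateExtensions.Add(
    new X509SubjectKeyIdentifierExtension(request.PublicKey, critical: false));

// Random serial number with the top bit cleared so it encodes as positive.
byte[] serial = new byte[16];
RandomNumberGenerator.Fill(serial);
serial[0] &= 0x7F;

// Validity must fall inside the root's own validity period, or Create throws.
DateTimeOffset notBefore = DateTimeOffset.UtcNow;
DateTimeOffset notAfter = notBefore.AddYears(2);
if (notAfter > root.NotAfter) notAfter = root.NotAfter;

// Create encodes the certificate and asks the root's private key handle to sign it.
// It also throws if the root is not marked as a CA in its basic constraints.
using X509Certificate2 issued = request.Create(root, notBefore, notAfter, serial);

File.WriteAllBytes("subordinate.cer", issued.Export(X509ContentType.Cert));
Console.WriteLine($"Issued {issued.Subject}, signed by {issued.Issuer}");
```

The returned certificate carries no private key; `issued.CopyWithPrivateKey(childKey)` attaches the subordinate's key if it needs to be exported as a PFX.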

0 Answers