The CA is not the device that makes the signature or orchestrates the signature process. They issue the modules (smartcards) which hold the key and calculate the signature (in order to prevent the key from leaving the card). And in order to use the smartcards you need to use approved hardware and software devices (especially the software must show clearly what will be signed, and it must be hard to trick the software into sending something else to the card for signing).