Thread: Extract Private Key Informations from Smart-Card
View Single Post
  #1  
Old 05-24-2020, 21:44
TmC TmC is offline
VIP
  
Join Date: Aug 2004
Posts: 328
Rept. Given: 1
Rept. Rcvd 15 Times in 9 Posts
Thanks Given: 2
Thanks Rcvd at 22 Times in 16 Posts
TmC Reputation: 15
Extract Private Key Informations from Smart-Card
Good Morning to everyone.

I am starting this topic to ask some unusual informations about tools that might be able to help to extract Private-Key informations from Smart-Cards.

Backgrounds:

I live not far (but not near) to my parents'. Since they are aging, it's been some years that I'm having them apply for online services (even if they don't even know how to turn on a PC) so that I can help them in everyday life while being away (bank account problems and documentation, utilities bills and contracts, sanitary inspections and certifications and so on).
This way, they simply call me and, with the credentials, the aid of a secondary phone number to generate OTPs from and a VNC installed on the PC I configured in their home, I've always been able to accomplish all of the required tasks.

In these last years, in my country, the government is beginning to issue NFC ID Cards, Sanitary Smart Cards and Multilevel Identity Checks (which do always require something physical for most operations) which are beginning to pose serious issues to this form of "telematic assistance", since I can no more operate the way I used before.
What was easy to accomplish, simply sending scanned ID Card or Sanitary ID, now creates lots of problems, since a physical card is required and, differently from OTPs, there are no software tokens or software vaults to load the certificates into.

As for the moment, the only solution I found, is to involve them the process only as little as it is needed by purchasing a NFC and Smard-Card lector, connecting remotely to their PC and asking them to put onto/into the card as I need it.
This will obviously work as long as they'll be able to walk, talk and understand. Any problem that might compromise their ability to do such things, might also cause me not to be able to remotely help them anymore.

I obviously know that the security of the private key is what it's all about, otherwise Digital IDs would be totally useless, but I also know that hackers and crackers don't stay there watching without doing anything, so the question:

Is someone able to point me out some tools, documentation or other that might help me trying to pry out, in a non destructive way, the private key from a Smart Card/NFC Card?

Thanks in advance.
Reply With Quote