I recently started to study chip cards with ECC features. Basically, I want to have a java card that can calculate ECC signatures, and offers some security guarantees that the key used for signing will only be stored on the card itself (ie that it can not be extracted).
During the research, I found many maps that contain an EXPORT KEY or GET KEY command that allows you to export the private key. This is a very undesirable feature for my application. Does anyone have experience with a similar problem? Are there any cards that categorically prevent the extraction of private keys? If not, is there an agreed way to limit these functions?
I researched this for a while, but am a bit lost given the wide variety of maps. I would really appreciate help / hints.