You don't have to imagine them. They exist [0]. (Sorry, can't easily find a US link.) US government employees all have a CAC, as well, which is a crypto smartcard.
The key stays on the card. The card will do signatures and key generation, and also holds login/etc credentials. It works basically exactly like Malka says: bytes go in, signature comes out. It can likely do encryption as well, but you'd probably use it to generate a temporary key and then to sign the encrypted results, since the processor on cards is relatively weak.
The key stays on the card. The card will do signatures and key generation, and also holds login/etc credentials. It works basically exactly like Malka says: bytes go in, signature comes out. It can likely do encryption as well, but you'd probably use it to generate a temporary key and then to sign the encrypted results, since the processor on cards is relatively weak.
0: http://www.acs.com.hk/en/products/17/acos5-64-cryptographic-...