Digital Signature Key (Optional)

The PIV digital signature key shall be generated on the PIV Card. The PIV Card shall not permit exportation of the digital signature key. If present, cryptographic operations using the digital signature key may only be performed using the contact interface of the PIV Card. Private key operations may not be performed without explicit user action.

The PIV Card shall store a corresponding X.509 certificate to support validation of the digital signature key.