I am developing and application that would need to certify data created by end users.
I know that I could use KeyChain API for that, but this API has what I believe would be a flaw for our application. Since KeyChain requires user access to certificates and therefore access to private keys, our application could be accused of stealing identity and forging data. I would need some way of certifying this data with user private key without being able to 'copy' the private key or sending somewhere else.
Is there anyway I could to this?
I am now looking forward smart cards and usb tokens, but would be glad if anyone else could share experience of implementations to solve similar issues or even suggesting something.