I am working on developing a Java applet to access a client's private and public keys from his digital certificate. Currently I am able to access both the private and public keys from the digital certificate, but I have doubts as to whether I am violating the PKI standards. Hence I have the following questions,
Public key cryptography is supposed to provide non-repudiation, but if you "store" the private key somewhere other than the card, you just broke one important assumption: "the private key is only known to its holder".
Computing a digital signature in the applet using this key is another thing; that's what they are for (private keys). If you do not transmit or transfer private keys over the network, or to any storage location other than the card, you do not break any assumptions. Your applet should use the private key only for calculating the digital signature.
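
Added example, not part of the original question or answer: a sketch of the "sign only" pattern the answer describes, where the private key is passed to `Signature.initSign()` and nothing but the data, the signature and the public key leaves the client. Assumptions: an in-memory RSA key pair generated in `main` stands in for the key on the card, `SHA256withRSA` is an arbitrary algorithm choice, and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;

public class SignOnly {
    /** Everything that may leave the client. There is no field for the private key. */
    static final class SignedMessage {
        final byte[] data, signature, publicKeyDer;
        SignedMessage(byte[] data, byte[] signature, byte[] publicKeyDer) {
            this.data = data; this.signature = signature; this.publicKeyDer = publicKeyDer;
        }
    }

    /** Client side: the private key is only used to compute the signature.
     *  It is never encoded (no getEncoded()), stored or transmitted. */
    static SignedMessage sign(PrivateKey priv, PublicKey pub, byte[] data)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(data);
        return new SignedMessage(data, s.sign(), pub.getEncoded());
    }

    /** Receiver side: verification needs the public key only. */
    static boolean verify(SignedMessage m) throws GeneralSecurityException {
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(m.publicKeyDer));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(m.data);
        return s.verify(m.signature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the card key (assumption, for a runnable demo).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        SignedMessage msg = sign(kp.getPrivate(), kp.getPublic(), doc);
        System.out.println("valid signature accepted: " + verify(msg));

        // Flip one bit of the data: the receiver must reject the message.
        byte[] tampered = doc.clone();
        tampered[0] ^= 1;
        SignedMessage bad = new SignedMessage(tampered, msg.signature, msg.publicKeyDer);
        System.out.println("tampered message accepted: " + verify(bad));
    }
}
```

When the key lives on a card reached through a PKCS#11 provider, the `PrivateKey` object is typically only a handle to the key on the token, so the same `sign()` code runs without the key material entering the applet's memory.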