I recently started studying smart cards with ECC features. Basically, I want to have a Java card that can calculate ECC signatures and offer some security guarantees that the key used for the signature is only stored on the card itself (that is, it can not be extracted).
While researching this, I found many cards that have some EXPORT KEY or GET KEY command that allows you to export the private key. This is a very undesirable characteristic for my use case. Does anyone have any experience with a similar problem? Is there a card that categorically prevents the extraction of private keys? If not, is there an agreed way to limit these functions?
I have researched this for a while, but I am somewhat lost given the great variety of cards that there are. I would really appreciate some help / pointers.