That's not how (these types of) smart cards work. The card is smart, and performs private key operations on board the card. All the host gets are session keys, hashes, etc. By design, the private key memory of the card can only be written, at a specially configured programming station. That doesn't mean there aren't user-readable or re-writable areas on the card, but the credential private keys aren't among them. The hardware literally doesn't support reading back private keys, only overwriting them. Any key escrow is accomplished by the programming station, when the card is first written.