On 3/25/2011 1:56 PM, Martin Paljak wrote:
> Hello,
>
> On Mar 25, 2011, at 20:44 , Douglas E. Engert wrote:
>> On 3/25/2011 1:22 PM, Martin Paljak wrote:
>>>
>>> On Mar 25, 2011, at 20:19 , webmas...@opensc-project.org wrote:
>>>
>>>> Revision: 5271
>>>> Author:   vtarasov
>>>> Date:     2011-03-25 18:19:28 +0000 (Fri, 25 Mar 2011)
>>>>
>>>> Log Message:
>>>> -----------
>>>> cardmod: when getting serial number use GET_SERIAL ctl call ...
>>>>
>>>> rather than card->serialnr value. Not all card drivers initialize this
>>>> member.
>>>
>>>
>>> Feel free to file a bug for this as well, to make sure that
>>> active/"compliant" drivers would implement it consistently.
>>
>> An interesting side note: The PIV driver is designed to use the PIV
>> application on whatever type of card it is on. The PIV specs do not
>> define how to retrieve the serial number. And no attempt is made to get
>> the actual serial number from the card.
>>
>> But the OpenSC PIV code and the Microsoft code need something to use as
>> a serial number, and both do this by reading one of the objects defined
>> by NIST, the CHUID, and get either the FASC-N or the GUID in this object
>> to use as a "serial number". These are unique.
>>
>> So even if a card contained 2 PIV applications, or a PIV application
>> and some other application they might have different serial numbers.
>>
>> So it is not clear if the card->serialnr should be set.
>
> Maybe I don't know the background but the serial number of the card
> object is only to distinguish between two cards of the same type.
>
> Maybe the field (and/or control code) should be renamed to "unique id"
> or something more specific, as different profiles have different ideas
> for a serial number.
> ICC serial number vs visual ID serial number vs other stuff.
>
> Martin
>
I agree, it is not consistent. In CSP/cardmod world, something is needed
to define the key container, and it looks like Microsoft on W7 is doing
the same thing as OpenSC and reading the CHUID to get something that is
unique.

I found this out by trying a card without a CHUID. The card was not
recognized on W7. After creating a CHUID object on the card, it does
work, and it uses the FASC-N or GUID I created in the key container name.

If the FASC-N starts with 9999, then the GUID from the CHUID is used,
thus opening up the PIV specs to allow non-US gov PIV compatible cards.

--

 Douglas E. Engert  <deeng...@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
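The selection rule described in this thread (use the FASC-N from the CHUID, or the GUID when the FASC-N starts with 9999), as an added example that is not OpenSC's or Microsoft's code. It assumes the CHUID contents are flat BER-TLV with FASC-N under tag 0x30 (25 bytes) and GUID under tag 0x34 (16 bytes), and that FASC-N characters are 5 bits each, packed MSB-first; the function names, the fallback to the FASC-N when the GUID is missing, and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { ID_NONE, ID_FASCN, ID_GUID };
/* Find a one-byte tag in a flat BER-TLV buffer; NULL if absent or malformed. */
static const uint8_t *tlv_find(const uint8_t *p, size_t n, uint8_t tag, size_t *len) {
    size_t i = 0;
    while (i + 2 <= n) {
        uint8_t t = p[i++];
        size_t l = p[i++];
        if (l == 0x81 && i < n) l = p[i++];
        else if (l == 0x82 && i + 1 < n) { l = ((size_t)p[i] << 8) | p[i + 1]; i += 2; }
        else if (l > 0x7F) return NULL;   /* other length forms are rejected */
        if (l > n - i) return NULL;       /* value would run past the buffer */
        if (t == tag) { *len = l; return p + i; }
        i += l;
    }
    return NULL;
}
/* FASC-N character k: 5 bits packed MSB-first; 4 data bits LSB-first, then parity. */
static int fascn_char(const uint8_t *f, size_t k) {
    int v = 0;
    for (size_t b = 0; b < 4; b++) {
        size_t bit = 5 * k + b;
        if (f[bit / 8] & (0x80u >> (bit % 8))) v |= 1 << b;
    }
    return v;
}
/* Rule from the thread: a FASC-N whose leading digits are 9999 means "use the GUID". */
static int fascn_is_9999(const uint8_t *f) {
    return fascn_char(f, 0) == 0xB /* start sentinel */ && fascn_char(f, 1) == 9 &&
           fascn_char(f, 2) == 9 && fascn_char(f, 3) == 9 && fascn_char(f, 4) == 9;
}
/* Copy the identifier into out (at least 25 bytes) and report which one was chosen. */
int chuid_pick_id(const uint8_t *c, size_t n, uint8_t *out, size_t *outlen) {
    size_t fl = 0, gl = 0;
    const uint8_t *f = tlv_find(c, n, 0x30, &fl), *g = tlv_find(c, n, 0x34, &gl);
    if (f && fl != 25) f = NULL; if (g && gl != 16) g = NULL; /* fixed sizes only */
    /* Assumption: fall back to the FASC-N when it is 9999 but no GUID is present. */
    if (f && !(g && fascn_is_9999(f))) { memcpy(out, f, 25); *outlen = 25; return ID_FASCN; }
    if (g) { memcpy(out, g, 16); *outlen = 16; return ID_GUID; }
    return ID_NONE;   /* no usable CHUID: nothing to build a container name from */
}
/* Constructed samples: only the leading FASC-N characters are meaningful, the rest is zero. */
static const uint8_t SAMPLE_9999[45] = {0x30, 25, 0xD4, 0xE7, 0x39, 0xDA, [27] = 0x34, 16, 0xA1, 0xB2};
static const uint8_t SAMPLE_0032[45] = {0x30, 25, 0xD0, 0x43, 0x94, 0x58, [27] = 0x34, 16, 0xA1, 0xB2};
int main(void) {
    uint8_t id[25]; size_t n = 0;
    return chuid_pick_id(SAMPLE_9999, sizeof SAMPLE_9999, id, &n) == ID_GUID ? 0 : 1;
}
```

A return of `ID_NONE` corresponds to the case reported above where a card without a CHUID was not recognized.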