On 30/03/2011 18:38, Viktor TARASOV wrote:
> What would you say if we accept the 'classic' GUID form as a default one,
> and give the possibility to define its own format to the pkcs15 card driver?
> A new sc_pkcs15_operations callback will be used:
> http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/pkcs15.h#L462
>
> If no objections I'll prepare the patch.

After more reflection, it seems that I've got the reason for these debates -- the PIV card is believed to not have a source of trusted uniqueness to build the key-container identifier with the length of 16 bytes. The 16 bytes of the PIV card's serial are believed to not contain randomness of sufficient length (15 bytes to satisfy the OpenSC-PIV and 13 bytes for W7-PIV). (IMHO some sha1() over the serial would solve the problem, but, ...)

Other cards can use for this purpose the intrinsic identifier (that is in fact the sha1()).

I don't think that we should bring these fears and doubts into the minidriver itself and try to resolve them on this level. It's up to the card-specific level to supply the unique GUID, and for this purpose the 'guid' pkcs15 callback is proposed.

This callback could have some default implementation. For this default method I would propose to use an intrinsic ID as a source of uniqueness, but without any insistence.

-- 
Viktor Tarasov <viktor.tara...@opentrust.com>
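
The arrangement proposed in this message, sketched as an added example (it is not OpenSC code and not part of the original message): an optional card-level GUID callback with a default that takes its 16 bytes from the intrinsic ID. All type and function names are hypothetical, the card-specific callback and its bytes are constructed, and the bytes are written in the order given.

```c
#include <stdio.h>
#include <string.h>
#define GUID_STR_LEN 36   /* 32 hex digits plus 4 dashes */
/* Hypothetical types for illustration; not OpenSC's own structures. */
struct key_object { const unsigned char *intrinsic_id; size_t intrinsic_id_len; };
struct card_ops {   /* get_guid is optional: NULL selects the default */
    int (*get_guid)(const struct key_object *key, char *out, size_t out_len);
};

/* Write 16 bytes in the classic 8-4-4-4-12 text form (bytes in given order). */
static int format_guid(const unsigned char *b, char *out, size_t out_len)
{
    size_t i, pos = 0;
    if (out_len < GUID_STR_LEN + 1)
        return -1;
    for (i = 0; i < 16; i++) {
        if (i == 4 || i == 6 || i == 8 || i == 10)
            out[pos++] = '-';
        snprintf(out + pos, 3, "%02x", b[i]);
        pos += 2;
    }
    return 0;
}

/* Default method: the intrinsic ID is the source of uniqueness. */
static int default_guid(const struct key_object *key, char *out, size_t out_len)
{
    if (key->intrinsic_id == NULL || key->intrinsic_id_len < 16)
        return -1;   /* too short to fill a 16-byte GUID */
    return format_guid(key->intrinsic_id, out, out_len);
}

/* Constructed card-specific callback: this card supplies its own 16 bytes. */
int sample_card_guid(const struct key_object *key, char *out, size_t out_len)
{
    static const unsigned char own[16] = { 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5,
        0xa6, 0xa7, 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf };
    (void)key;
    return format_guid(own, out, out_len);
}

/* Caller side: the card driver decides when it has a callback. */
int key_container_guid(const struct card_ops *ops, const struct key_object *key,
                       char *out, size_t out_len)
{
    if (ops != NULL && ops->get_guid != NULL)
        return ops->get_guid(key, out, out_len);
    return default_guid(key, out, out_len);
}
```

The caller never inspects the serial or the ID itself, so a card whose identifiers are not trusted as unique is handled entirely inside its own callback.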