Le 04/04/2011 20:35, Douglas E. Engert a écrit : > Yes. The PIV-Compatible defines a GUID in the CHUID. These would be non-US-gov > issued cards. The test cards I generate used the Solaris 10 /usr/bin/makeuuid > to generate a GUID. The FASCN then starts with 9999. > > But the real US-gov issued cards have a FASCN that is 25 bytes long, > and the GUID is 30303030303030303030303030303030 on many of these cards.
Well, I venture to resume. The FASCN is unique inside the federal namespace . For the non-federal usage the FASCN starts from 9999 and there is an additional TLV record with the real GUID . So, the concatenation of FASCN and TLV-GUID is unique across all the namespaces - federal and non-federal . So, the digest of FASCN & TLV-GUID can be used as a source of uniqueness of a needed size . So, for minidriver there is no need to change the GUID format of the key-container identifiers . I would like to have your (non)confirmation on this last point. So that we can decide should the card specific 'guid' callback return the serialized form of GUID (in this case you can use any format you want), or just the binary source of GUID (and it will be serialized by the general procedure) . Another question, does the possibility to compile OpenSC-PIV driver without OpenSSL is important for you ? If yes, there is no question -- the callback will be designed to return the serialized form of GUID . -- Viktor Tarasov <viktor.tara...@opentrust.com> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
