On 4/5/2011 2:55 AM, Viktor TARASOV wrote:
> On 04/04/2011 20:35, Douglas E. Engert wrote:
>> Yes. The PIV-Compatible defines a GUID in the CHUID. These would be
>> non-US-gov issued cards. The test cards I generate used the Solaris 10
>> /usr/bin/makeuuid to generate a GUID. The FASCN then starts with 9999.
>>
>> But the real US-gov issued cards have a FASCN that is 25 bytes long,
>> and the GUID is 30303030303030303030303030303030 on many of these cards.
>
> Well, I venture to resume.
>
> The FASCN is unique inside the federal namespace.
> For the non-federal usage the FASCN starts from 9999 and there is an
> additional TLV record with the real GUID.
> So, the concatenation of FASCN and TLV-GUID is unique across all the
> namespaces - federal and non-federal.
> So, the digest of FASCN & TLV-GUID can be used as a source of uniqueness of a
> needed size.
> So, for minidriver there is no need to change the GUID format of the
> key-container identifiers.
Yes, but the current code truncates the concatenated string. If it truncated a
string from above, it would lose much of the FASCN and all of the GUID. So some
other way to shorten the string, or use a hash, is needed, such as the RFC 4122
4.3 Algorithm for Creating a Name-Based UUID. But this needs SHA-1, MD5 or some
other simple hash function. See comment on OpenSSL below.

> I would like to have your (non)confirmation on this last point.
> So that we can decide
> should the card specific 'guid' callback return the serialized form of GUID
> (in this case you can use any format you want),
> or just the binary source of GUID (and it will be serialized by the general
> procedure).

I would prefer the serialized, so some cards do not have to follow the GUID
format. This could eliminate the need to have a hash function for OpenSSL.

> Another question: is the possibility to compile the OpenSC-PIV driver without
> OpenSSL important for you?

The PIV client side does not need OpenSSL. (It does need zlib.) The piv-tool,
which is only used by an admin and never by a user, needs OpenSSL and is not
needed on Windows. So it is not important to have OpenSSL other than if some
hash function is needed. I don't see any built-in hash function in OpenSC.

> If yes, there is no question -- the callback will be designed to return the
> serialized form of GUID.

-- 

Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
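The two schemes compared in the message above (truncating the concatenated FASCN||GUID string versus deriving a fixed-size name-based UUID from it per RFC 4122 section 4.3), as an added example that is not OpenSC code and not part of the original thread. It is written in Python rather than C only so that it runs with a standard-library SHA-1 and no OpenSSL dependency; the namespace constant, the 25-byte truncation limit, and every FASCN and GUID byte value are assumptions or constructed placeholders, not real PIV encodings.

```python
"""RFC 4122 4.3 name-based UUID from FASC-N || GUID versus plain truncation.

Added example, not OpenSC code. All card data below is constructed.
"""
import hashlib
import uuid

# Hypothetical fixed namespace for key-container identifiers (assumption: the
# thread names none; any constant works as long as it is never changed later).
CONTAINER_NAMESPACE = uuid.UUID("0d5a8a2c-7b3e-4f7a-9c1e-2a6b4d8e0f13")

# Length of a federal FASC-N per the thread; also the size this demo assumes
# the "current code" truncates the concatenated string to.
FASCN_LEN = 25

# Constructed sample cards. Two PIV-Compatible cards share the placeholder
# "9999..." FASC-N and differ only in the GUID carried in the CHUID TLV.
CARD_A_FASCN = b"\x99\x99" + b"\x00" * (FASCN_LEN - 2)
CARD_B_FASCN = CARD_A_FASCN
CARD_A_GUID = uuid.UUID("11111111-2222-4333-8444-555555555555").bytes
CARD_B_GUID = uuid.UUID("66666666-7777-4888-8999-aaaaaaaaaaaa").bytes

# A constructed federal card: unique FASC-N, all-'0' ASCII GUID as the thread
# reports seeing on many US-gov issued cards.
CARD_FED_FASCN = b"\x12\x34" + b"\x56" * (FASCN_LEN - 2)
CARD_FED_GUID = bytes.fromhex("30303030303030303030303030303030")


def name_based_uuid(namespace: uuid.UUID, name: bytes) -> uuid.UUID:
    """RFC 4122 4.3 with SHA-1 (version 5): hash namespace||name, keep the
    first 128 bits, then overwrite the version and variant bits."""
    digest = bytearray(hashlib.sha1(namespace.bytes + name).digest()[:16])
    digest[6] = (digest[6] & 0x0F) | 0x50  # time_hi_and_version -> version 5
    digest[8] = (digest[8] & 0x3F) | 0x80  # clock_seq_hi_and_reserved -> RFC variant
    return uuid.UUID(bytes=bytes(digest))


def matches_stdlib_uuid5(name: str) -> bool:
    """Sanity check: the hand-rolled derivation agrees with uuid.uuid5."""
    return name_based_uuid(uuid.NAMESPACE_DNS, name.encode()) == uuid.uuid5(
        uuid.NAMESPACE_DNS, name)


def container_id_truncated(fascn: bytes, guid: bytes,
                           limit: int = FASCN_LEN) -> bytes:
    """The scheme the thread describes as current: concatenate, then cut to a
    fixed size. Everything past `limit` (here: the entire GUID) is dropped."""
    return (fascn + guid)[:limit]


def container_id_hashed(fascn: bytes, guid: bytes) -> str:
    """Fixed-size, serialized identifier that still depends on every byte of
    both the FASC-N and the GUID."""
    return str(name_based_uuid(CONTAINER_NAMESPACE, fascn + guid))


if __name__ == "__main__":
    for label, f, g in (("A", CARD_A_FASCN, CARD_A_GUID),
                        ("B", CARD_B_FASCN, CARD_B_GUID),
                        ("federal", CARD_FED_FASCN, CARD_FED_GUID)):
        print(label, container_id_truncated(f, g).hex(),
              container_id_hashed(f, g))
```

Running it shows cards A and B collapsing to the same truncated identifier (the distinguishing GUID is exactly the part that gets cut off), while the hashed form gives each card a distinct 36-character UUID string that a minidriver can use as-is as a key-container name.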