Re: Openpgp card serial numbers
On Mon, 16 Jul 2007 11:50, [EMAIL PROTECTED] said: The specification for Openpgp card states that the serial number (+ manufacturers ID) must be globally unique. I wonder if this is truly needed or if unique enough would be ok. I have assigned the unmanaged S/N range: FF00..FFFE - Range reserved for randomly assigned serial numbers. Serialnumbers with manufacturer ID in this range are an exception to the rule that they should be unique. It is expected that such a serialnumber is assigned using a true random function which generates 5 bytes (4 for the actual serial number and one to select a manufacturer ID out of this range). Note, that the 0x is not part of this range. Implementers using serial numbers as a unique ID should keep in mind that duplicates may happen. Using the of manufacturer IDs out of this range should only be done if no other way of obtaining a manufacturer ID is possible. [Assigned 2007-07-17] I hope this satisfies your need. As written, it is an expection and should be avoided. In particular, if you target one specific card type it might be possible to use its native S/N and map it to a a proper serial number. We can then ask for a manufacturer ID to be used with this card and application. Salam-Shalom, Werner pgpky6i5DV6aI.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Openpgp card serial numbers
Hi Im currently working on an implementation of openpgp card on java card (Currently working for signing, encryption with 1024 bit keys, trying to get it work with 2048 bit key). The specification for Openpgp card states that the serial number (+ manufacturers ID) must be globally unique. I wonder if this is truly needed or if unique enough would be ok. The reason being that while organistaions could register a manufacrurer id for issuing cards using the java card applet, it might not be practical for smaller organisations or single individuals to do so in order to use the Java card implementation. If it is only used to identify cards from secret key stub in the secret keyring wouldn't it be enough to register a single manufacturers ID for use of javacard openpgp card and create a random serial number at applet instantiation? I know this would be a breach of the specification but if it is unlikely to do any harm it might be a working compromise. -- Sten Lindgren [EMAIL PROTECTED] ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Openpgp card serial numbers
On Mon, 16 Jul 2007 11:50, [EMAIL PROTECTED] said: The specification for Openpgp card states that the serial number (+ manufacturers ID) must be globally unique. I wonder if this is truly needed or if unique enough would be ok. Use a 0x as manufacturer ID. Thisis declared as a test card. keyring wouldn't it be enough to register a single manufacturers ID for use of javacard openpgp card and create a random serial number at applet instantiation? I also thought about this and we should reserve a range of manufacturer IDs just for this purpose. For example 0x8000..0xfffe + the serial number would give enough space for this. Let me check with Achim what we can put into the specs. Salam-Shalom, Werner ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users