Hi Im currently working on an implementation of openpgp card on java card (Currently working for signing, encryption with 1024 bit keys, trying to get it work with 2048 bit key). The specification for Openpgp card states that the serial number (+ manufacturers ID) must be globally unique. I wonder if this is truly needed or if "unique enough" would be ok. The reason being that while organistaions could register a manufacrurer id for issuing cards using the java card applet, it might not be practical for smaller organisations or single individuals to do so in order to use the Java card implementation. If it is only used to identify cards from secret key stub in the secret keyring wouldn't it be enough to register a single manufacturers ID for use of javacard openpgp card and create a random serial number at applet instantiation? I know this would be a breach of the specification but if it is unlikely to do any "harm" it might be a working compromise.
-- Sten Lindgren [EMAIL PROTECTED] _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
