Openpgp card serial numbers

Sten Lindgren ged at
Mon Jul 16 11:50:20 CEST 2007


Im currently working on an implementation of openpgp card on java card
(Currently working for signing, encryption with 1024 bit keys, trying to
get it work with 2048 bit key).
The specification for Openpgp card states that the serial number
(+ manufacturers ID) must be globally unique. I wonder if this is truly
needed or if "unique enough" would be ok.
The reason being that while organistaions could register a manufacrurer id
for issuing cards using the java card applet, it might not be practical
for smaller organisations or single individuals to do so in order to use
the Java card implementation.
If it is only used to identify cards from secret key stub in the secret
keyring wouldn't it be enough to register a single manufacturers ID for
use of javacard openpgp card and create a random serial number at applet
I know this would be a breach of the specification but if it is unlikely
to do any "harm" it might be a working compromise.

Sten Lindgren				ged at

More information about the Gnupg-users mailing list