Hi Jan, my experience is this: the usb level serial number is ignored.
the pkcs#15 structure can contain a serial number, and opensc can print it. but usualy that is ignored too. the certificate and the rsa private key are the important parts, and if the certificate matches something (e.g. can be used for login, https authentication etc.), then the private key is used (if the user can enter the pin). how is the certificate matched? depends on the application. it can be a CN based match (e.g. ldap stuff), it can be the serial number, or in case of pam_p11 or openssh the certificate is ignored except for the public key parts, which are matched against .ssh/auhorized_keys. > Do you assume any problems with a generic USB serial number especially > when using the stick (or several sticks at the same time) with OpenSC? I guess that won't be a problem. except maybe several are blank, then it is hard to see which is which. and companies might like the blank device having a serial number for tracking in the inventory, handing out and returns etc., but at the price of normal tokens I guess that isn't done and a missing serial is not a big issue. Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
