OpenPGP card specification 2.0 improvement?

NIIBE Yutaka gniibe at
Fri May 13 08:47:23 CEST 2011


While using Gnuk USB Token, I found an issue of changing password.

I changed PW1, but I mistakenly put original PW1 as "12345678" while
correct one was "123456".  Since the prefix is same, password change
succeeded, adding "78" at the beginning for new PW1.  I noticed this
after I failed to be authenticated by new PW1, and saw debug log.

In the specification, section 7.2.3 CHANGE REFERENCE DATA says:

   The length of the existing password is known in the card, so that
   neither a delimiter nor padding for filling up fixed formats is

This is problem.  I think delimiter is needed so that it can detect
wrong input for the existing password.

More information about the Gnupg-devel mailing list