OpenPGP card specification 2.0 improvement?

Sébastien Lorquet squalyl at
Fri May 13 09:52:30 CEST 2011


This is true. Additionnaly, the C4 tag only gives the *maximum* length for
each pin, not the exact length.

the data in CHANGE REF DATA should be LV coded, with one byte giving the pin
length :

00 24 00 8X XX <actual pin length> <actual pin> <new pin length> <new pin>

as an alternative, we could have a GET DATA tag with the actual pin lengths.


On Fri, May 13, 2011 at 8:47 AM, NIIBE Yutaka <gniibe at> wrote:

> Hi,
> While using Gnuk USB Token, I found an issue of changing password.
> I changed PW1, but I mistakenly put original PW1 as "12345678" while
> correct one was "123456".  Since the prefix is same, password change
> succeeded, adding "78" at the beginning for new PW1.  I noticed this
> after I failed to be authenticated by new PW1, and saw debug log.
> In the specification, section 7.2.3 CHANGE REFERENCE DATA says:
>   The length of the existing password is known in the card, so that
>   neither a delimiter nor padding for filling up fixed formats is
>   necessary.
> This is problem.  I think delimiter is needed so that it can detect
> wrong input for the existing password.
> --
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110513/6c55cfd4/attachment-0001.htm>

More information about the Gnupg-devel mailing list