OpenPGP card specification 2.0 improvement?
Sébastien Lorquet
squalyl at gmail.com
Wed May 18 15:04:58 CEST 2011
ISO7816-4-2005 allows a CHANGE REFERENCE DATA without the old data, by
setting P1=01h
The spec could use this version, and require the previous verification of
the pin by VERIFY PIN.
With the current spec, the actual length of the PIN shall be available
somewhere. The current data only indicates the maximum length, thus implying
the PIN length is variable, but CHANGE REFERENCE DATA does not allow this.
Speaking of spec updates, I have more ideas, mainly the AID shall not
contain the serial number and the card shall use files instead of data
objects. Is a v3 spec planned for some day?
Regards
Sebastien Lorquet
On Wed, May 18, 2011 at 2:54 PM, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 17 May 2011 02:31, gniibe at fsij.org said:
>
> > If a card supports variable length of PIN, it would be better to have
> > format to specify length of input on host side.
>
> The standard does not allow for this. Hwoever there is a simple
> workaround: Do a VERIFY for the old PIN first to see whether it is
> correct and only then assemble the CHANGEREFERENCEDATA.
>
>
> Shalom-Salam,
>
> Werner
>
>
> --
> Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110518/d57329d9/attachment.htm>
More information about the Gnupg-devel
mailing list