Options for pinpad entry

NIIBE Yutaka gniibe at fsij.org
Thu Jan 5 05:08:03 CET 2012

While adding lower level support for pinpad entry, I am considering
that it is better to have some user options for the feature.  That's

  (1) Characters supported by pinpad is limited (usually it's only
      decimal digits).  When your pass phrase include non-digit
      character, you can't verify with pinpad.

  (2) There are card readers which don't support variable length pass
      phrase.  For those readers, the length of pass phrase should be
      known to host in advance.

Currently, scdaemon has an option:

        Even if a card reader features a keypad, do not try to use it.

But this is not a command line option of GnuPG.

For (1), --enable-keypad (or something) as a command line option
would be good (and --disable-keypad for scdaemon will be not needed).

For (2), --fixed-length-pin (or something) as a command line option
would be good.  And it assumes 6 characters for user's pass phrase
and 8 characters for admin's pass phrase and reset code.

Your comments are appreciated.

More information about the Gnupg-devel mailing list