Options for pinpad entry
gniibe at fsij.org
Thu Jan 5 05:08:03 CET 2012
While adding lower level support for pinpad entry, I am considering
that it is better to have some user options for the feature. That's
(1) Characters supported by pinpad is limited (usually it's only
decimal digits). When your pass phrase include non-digit
character, you can't verify with pinpad.
(2) There are card readers which don't support variable length pass
phrase. For those readers, the length of pass phrase should be
known to host in advance.
Currently, scdaemon has an option:
Even if a card reader features a keypad, do not try to use it.
But this is not a command line option of GnuPG.
For (1), --enable-keypad (or something) as a command line option
would be good (and --disable-keypad for scdaemon will be not needed).
For (2), --fixed-length-pin (or something) as a command line option
would be good. And it assumes 6 characters for user's pass phrase
and 8 characters for admin's pass phrase and reset code.
Your comments are appreciated.
More information about the Gnupg-devel