Options for pinpad entry

Werner Koch wk at gnupg.org
Thu Jan 5 10:12:21 CET 2012

On Thu,  5 Jan 2012 05:08, gniibe at fsij.org said:

>   (1) Characters supported by pinpad is limited (usually it's only
>       decimal digits).  When your pass phrase include non-digit
>       character, you can't verify with pinpad.

I think we should have a check for a new PIN to make sure that
it only has digits. agent/call-pinentry.c has even this code:

      if (!errtext && pininfo->min_digits)
          /* do some basic checks on the entered PIN. */
          if (!all_digitsp (pininfo->pin))
            errtext = _("Invalid characters in PIN");
          else if (pininfo->max_digits
                   && strlen (pininfo->pin) > pininfo->max_digits)
            errtext = _("PIN too long");
          else if (strlen (pininfo->pin) < pininfo->min_digits)
            errtext = _("PIN too short");

Nowever I can't find a place were min_digits is set.  This - now unused
- check is there since 2002.

> For (2), --fixed-length-pin (or something) as a command line option
> would be good.  And it assumes 6 characters for user's pass phrase
> and 8 characters for admin's pass phrase and reset code.

This should depend on the current application.  The above values are
good for OpenPGP cards but other cards may have different defaults. 



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list