Supporting fixed length keypad input

NIIBE Yutaka gniibe at
Tue Jan 8 09:31:18 CET 2013


In the OpenPGP card specification, the password (PIN) is variable

But not all card readers with pinpad support variable length input,
but support fixed-length input only.

I'd like to enhance GnuPG so that pinpad input will be possible with
such a reader.

I am considering the following.

(1) Add a option to SCDaemon.  Say, "opt.keypad_fixed_length" or
    something.  This is to enable handling of fixed length keypad
    input for SCDaemon.

    Instead, this could be a list of readers which should be used
    with fixed length configuration, but maintaining such a list
    would be difficult.

(2) Add protocol between SCDaemon and GPG-Agent.  SCDaemon inquires
    length of PIN to GPG-Agent, when needed.

(3) Upon inquiry by SCDaemon for the length of PIN, GPG-Agent will
    answer if it has the information at hand.  Or else, GPG-Agent will
    invoke pinentry to ask the length to the user, and reply back to

(4) GPG-Agent could store the length of PIN with secret key

I'm not sure if it would be useful for user to have GnuPG's command
line option to specify the length of PIN.

Any comments?

More information about the Gnupg-devel mailing list