Supporting fixed length keypad input
NIIBE Yutaka
gniibe at fsij.org
Tue Jan 8 09:31:18 CET 2013
Hello,
In the OpenPGP card specification, the password (PIN) is variable
length.
But not all card readers with pinpad support variable length input,
but support fixed-length input only.
I'd like to enhance GnuPG so that pinpad input will be possible with
such a reader.
I am considering the following.
(1) Add a option to SCDaemon. Say, "opt.keypad_fixed_length" or
something. This is to enable handling of fixed length keypad
input for SCDaemon.
Instead, this could be a list of readers which should be used
with fixed length configuration, but maintaining such a list
would be difficult.
(2) Add protocol between SCDaemon and GPG-Agent. SCDaemon inquires
length of PIN to GPG-Agent, when needed.
(3) Upon inquiry by SCDaemon for the length of PIN, GPG-Agent will
answer if it has the information at hand. Or else, GPG-Agent will
invoke pinentry to ask the length to the user, and reply back to
SCDaemon.
(4) GPG-Agent could store the length of PIN with secret key
information.
I'm not sure if it would be useful for user to have GnuPG's command
line option to specify the length of PIN.
Any comments?
--
More information about the Gnupg-devel
mailing list