Supporting fixed length keypad input
gniibe at fsij.org
Tue Jan 8 09:31:18 CET 2013
In the OpenPGP card specification, the password (PIN) is variable
But not all card readers with pinpad support variable length input,
but support fixed-length input only.
I'd like to enhance GnuPG so that pinpad input will be possible with
such a reader.
I am considering the following.
(1) Add a option to SCDaemon. Say, "opt.keypad_fixed_length" or
something. This is to enable handling of fixed length keypad
input for SCDaemon.
Instead, this could be a list of readers which should be used
with fixed length configuration, but maintaining such a list
would be difficult.
(2) Add protocol between SCDaemon and GPG-Agent. SCDaemon inquires
length of PIN to GPG-Agent, when needed.
(3) Upon inquiry by SCDaemon for the length of PIN, GPG-Agent will
answer if it has the information at hand. Or else, GPG-Agent will
invoke pinentry to ask the length to the user, and reply back to
(4) GPG-Agent could store the length of PIN with secret key
I'm not sure if it would be useful for user to have GnuPG's command
line option to specify the length of PIN.
More information about the Gnupg-devel