Supporting fixed length keypad input

Werner Koch wk at gnupg.org
Wed Jan 9 10:23:21 CET 2013


On Wed,  9 Jan 2013 03:22, gniibe at fsij.org said:

> This would be a place to save the information, but this information is
> available to everyone who can access the card, that would not be
> good.

I don't consider this a real problem.  The minimum length is anyway 6
and thus there is not much of an advantage to notice that a larger PIN
length.  We have at max 6 tries.

> I meant two things.  It seems that it's only through GPG-Agent which
> SCDaemon could get such information from user.  And, GPG-Agent could
> cache information of user interaction to stop asking user every time.

Hmmm, that might be possible but I still don't like it.

>     NOTE: There are cases when user doesn't want to use the card
>     reader's keypad.  For example, his PIN includes characters not
>     available by the reader's keypad.

--disable-pinpad comes handy in this case.  The case is too rare to
annoy a user with a prompt on whether to use the pinpad.  However, we
can put a URL into the "please enter your pin at pinpad" pop up
messages so that the user will be able to find out what to do in cases
he has not only digits in his PIN.  I consider a URL better than a fixed
text due to gettext issues and an easier way to update this information.

>   (A) User specifies to force keypad input for the card.
>
>   (B) GnuPG knows the card reader supports variable length input.
>
>   (C) GnuPG knows the length of PIN.
>
> Then GnuPG can skip the step (1) when (A && (B || C)) is true.

Right.  We already have a similar switch statement in scd for (B) (when
using the internal CCI driver).


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are governed by a federal law.