Supporting fixed length keypad input
gniibe at fsij.org
Thu Jan 10 02:03:27 CET 2013
On 2013-01-09 at 10:23 +0100, Werner Koch wrote:
> I don't consider this a real problem. The minimum length is anyway 6
> and thus there is not much of an advantage to notice that a larger PIN
> length. We have at max 6 tries.
OK. I will consider supporting getting/putting the user's preference from
the login-data DO.
> > I meant two things. It seems that it's only through GPG-Agent which
> > SCDaemon could get such information from user. And, GPG-Agent could
> > cache information of user interaction to stop asking user every time.
> Hmmm, that might be possible but I still don't like it.
Perhaps I had thought of an over-engineered thing, which would be
unnecessary. This particular idea of mine came when I looked at your
commit of the following:
Author: Werner Koch <wk at gnupg.org>
Date: Tue Feb 7 14:17:33 2012 +0100
agent: Add pin length field to the shadowed private key format.
I thought that you had intended to cache PIN length information
together with card S/N in user's shadowed secret key, under control
Yes, simpler is better. I won't implement the caching by GPG-Agent.
I will just implement proxy things by GPG-Agent from SCDaemon to
pinentry/gpg, only when needed.
> > NOTE: There are cases when user doesn't want to use the card
> > reader's keypad. For example, his PIN includes characters not
> > available by the reader's keypad.
> --disable-pinpad comes handy in this case. The case is too rare to
> annoy a user with a prompt on whether to use the pinpad. However, we
> can put a URL into the "please enter your pin at pinpad" pop up
> messages so that the user will be able to find out what to do in cases
> he has not only digits in his PIN. I consider a URL better than a fixed
> text due to gettext issues and an easier way to update this information.
Currently, it is SCDaemon which has "--disable-keypad" option. I
think that it is an option for a card reader, not for particular card
usage. When user knows his card reader doesn't support pinpad input
well, he will use this option to stop the card reader's feature. Once
it is disabled, a user needs to restart SCDaemon to enable use of
I think that we need an option for gpg to enable/disable use of keypad
for particular card usage. SCDaemon would inquire this option to gpg
through GPG-Agent. Or, gpg would inform SCDaemon through GPG-Agent.
BTW, we need to decide on the wording, "keypad" or "pinpad". I don't
have any preference. I tend to use "keypad" because there are
functions implemented with _keypad suffix, but "pinpad" would
be better as it looks like a more common word.