Supporting fixed length keypad input

NIIBE Yutaka gniibe at fsij.org
Thu Jan 10 02:03:27 CET 2013


On 2013-01-09 at 10:23 +0100, Werner Koch wrote:
> I don't consider this a real problem.  The minimum length is anyway 6
> and thus there is not much of an advantage to notice that a larger PIN
> length.  We have at max 6 tries.

OK.  I will consider supporting getting/putting the user's preference
from the login-data DO.

> > I meant two things.  It seems that it's only through GPG-Agent which
> > SCDaemon could get such information from user.  And, GPG-Agent could
> > cache information of user interaction to stop asking user every time.
> 
> Hmmm, that might be possible but I still don't like it.

Perhaps I had thought up an over-engineered thing, which would be
unnecessary.  This particular idea of mine came when I looked at your
commit of the following:

	commit b817ae7df947093384a25797999a9aa187e20f9c
	Author: Werner Koch <wk at gnupg.org>
	Date:   Tue Feb 7 14:17:33 2012 +0100

	agent: Add pin length field to the shadowed private key format.

I thought that you had intended to cache PIN length information
together with card S/N in user's shadowed secret key, under control
of GPG-Agent.

Yes, simpler is better.  I won't implement the caching by GPG-Agent.
I will just implement proxy things by GPG-Agent from SCDaemon to
pinentry/gpg, only when needed.

> >     NOTE: There are cases when user doesn't want to use the card
> >     reader's keypad.  For example, his PIN includes characters not
> >     available by the reader's keypad.
> 
> --disable-pinpad comes handy in this case.  The case is too rare to
> annoy a user with a prompt on whether to use the pinpad.  However, we
> can put an URL into the "please enter your pin at pinpad" pop up
> messages so that the user will be able to find out what to do in cases
> he has not only digits in his PIN.  I consider a URL better than a fixed
> text due to gettext issues and an easier way to update this information.

Currently, it is SCDaemon which has "--disable-keypad" option.  I
think that it is an option for a card reader, not for particular card
usage.  When user knows his card reader doesn't support pinpad input
well, he will use this option to stop the card reader's feature.  Once
it is disabled, a user needs to restart SCDaemon to enable use of
keypad.

I think that we need an option for gpg to enable/disable use of keypad
for particular card usage.  SCDaemon would inquire this option to gpg
through GPG-Agent.  Or, gpg would inform SCDaemon through GPG-Agent.

BTW, we need to decide wording for "keypad" or "pinpad".  I don't
have any preference.  I tend to use "keypad" because there are
functions implemented with _keypad suffix, but "pinpad" would
be better as it looks like a more common word.