Supporting fixed length keypad input
gniibe at fsij.org
Tue Jan 15 03:36:53 CET 2013
Thanks for your comments.
My replies are in a different order.
On 2013-01-10 at 09:03 +0100, Achim Pietig wrote:
> "pinpad" is the most common word in standards.
> If support for "old" readers with fixed length input is required, I
> prefer a local var (e.g. gpgconf) with the fixed length preferred
> by the user. If the var is 0 or not defined, the min-max length
> should be taken from the card. The var may be evaluated by pinentry.
> If the password is defined by a keyboard, --disable-pinpad may be
> useful. All this affects the local environment only.
I understand the need for configuration on host PC (for card specific
configuration). The issue is: how to implement this. IIUC, SCDaemon
is the lower level driver which handles smartcard/token communication
(perhaps, this understanding of mine would be wrong), and how to get
card specific information is under discussion.
> Actually there are 3 standards for readers with PIN-pad, all support
> var-length-pins, so older readers will be obsolete soon. If you want
> to support these old items anyway, then keep it simple... It makes
> no sense to me to find a solution with new information in card or
> servers etc. to make this run at any pin-pad - standard compliant
> pinpads will run with min-max values!
Could you please let me know the references for the standards? A
vendor which I contacted last year claimed that the reader is standard
compliant (even if it doesn't support variable length input).
Well, I understand that fixed length input support should be special
To summarize discussion, I'd like to propose the following for pinpad
* Default is variable length pinpad input when reader supports the
* Use pinentry by keyboard on host PC, when reader doesn't support
the feature (including reader supports pinpad input but requires
fixed length input).
* Only when a user wants to do a special thing, he needs to specify
this. Special cases are:
(1) Use pinentry by keyboard even with pinpad reader.
(for cases when PIN has characters other than digits.)
(2) Use fixed length input.
> Login-Data is an ISO defined data object (7816-6).
> It should not contain other information than defined by ISO, so
> first check if this information is possible there.
Proprietary login data
Referenced by tag '5E', this interindustry data element
consists of login data with proprietary structures not
specified in ISO/IEC 7816.