Supporting fixed length keypad input
Achim Pietig
achim at pietig.com
Sat Mar 2 15:35:11 CET 2013
Hi,
I was asked for the latest standards relevant for PIN or password input with PINPads:
PC/SC V2: Interoperability Specification for ICCs and Personal Computer Systems, Part 10 IFDs with Secure PIN Entry Capabilities, Revision 2.02.09 November 2012
Secoder 2: from German banks (GeldKarte), not publicly available
Most standards support the PIN 2 block format as most (banking standard for digits only).
The OpenPGP card uses alphanumeric passwords; a reason was to use passphrases on the card too.
If the support of readers for alpha passwords with variable length is too complex, a next version of the OpenPGP card may support PIN 2-block too, but then an algorithm ID or a usage flag in Extended capabilities is needed. What do you think?
Regards,
Achim
On 15.01.2013 03:36, NIIBE Yutaka wrote:
> Thanks for your comments.
>
> My replies are by different order.
>
> On 2013-01-10 at 09:03 +0100, Achim Pietig wrote:
>> "pinpad" is the most common word in standards.
>
> I see.
>
>> If support for "old" readers with fixed length input is required, I
>> prefer a local var (e. g. gpgconf) with the fixed length preferred
>> by the user. If the var is 0 or not defined, the min-max length
>> should be taken from the card. The var may be evaluated by pinentry.
>> If the password is defined by a keyboard, --disable-pinpad may be
>> useful. All this affects the local environment only.
>
> I understand the need for configuration on host PC (for card specific
> configuration). The issue is: how to implement this. IIUC, SCDaemon
> is the lower level driver which handles smartcard/token communication
> (perhaps, this understanding of mine would be wrong), and how to get
> card specific information is under discussion.
>
>> Actually there are 3 standards for readers with PIN-pad, all support
>> var-length PINs, so older readers will be obsolete soon. If you want
>> to support these old items anyway, then keep it simple... It makes
>> no sense to me to find a solution with new information in card or
>> servers etc. to make this run at any pin-pad - standard compliant
>> pinpads will run with min-max values!
>
> Could you please let me know the references for the standards? A
> vendor which I contacted last year claimed that the reader is standard
> compliant (even if it doesn't support variable length input).
>
> Well, I understand that fixed length input support should be a special
> case.
>
> To summarize discussion, I'd like to propose the following for pinpad
> input.
>
> * Default is variable length pinpad input when reader supports the
> feature.
>
> * Use pinentry by keyboard on host PC, when reader doesn't support
> the feature (including reader supports pinpad input but requires
> fixed length input).
>
> * Only when a user wants to do a special thing, he needs to specify
> this. Special cases are:
>
> (1) Use pinentry by keyboard even with pinpad reader.
> (for cases when PIN has characters other than digits.)
>
> (2) Use fixed length input.
>
>> Login-Data is an ISO defined data object (7816-6).
>> It should not contain other information than defined by ISO, so
>> first check if this information is possible there.
>
> It says:
>
> Proprietary login data
>
> Referenced by tag '5E', this interindustry data element
> consists of login data with proprietary structures not
> specified in ISO/IEC 7816.
>
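As an added illustration of the two technical points in this thread (it is example code written for this archive page, not code from GnuPG, scdaemon or any of the posters), the block below does two things: it builds the ISO 9564-1 "format 2" PIN block that the banking standards mentioned above carry, which makes concrete why an alphanumeric OpenPGP card passphrase cannot travel in it (digits only, 4 to 12 characters), and it encodes the pinpad-selection policy proposed in the quoted reply: variable-length pinpad input by default, keyboard pinentry on the host PC when the reader cannot do variable length, and explicit user overrides for forcing keyboard entry or for a fixed length, with the card's min-max used when no fixed length is configured. The names ReaderCaps, Policy, choose_pin_entry and the two policy fields are assumptions made for this example, not real scdaemon or gpgconf identifiers.

```python
"""Added example for the pinpad discussion above; not part of the original thread.

ISO 9564-1 format 2 PIN block: 8 bytes = control nibble 0x2, length nibble,
PIN digits, then 0xF padding. Only decimal digits of length 4..12 fit.
The policy model (ReaderCaps, Policy, choose_pin_entry) is an assumption
made for this example and does not mirror any GnuPG/scdaemon API.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


def encode_pin_block_format2(pin: str) -> bytes:
    """Build an ISO 9564-1 format 2 PIN block from a digit-only PIN."""
    if not (pin.isascii() and pin.isdigit()):
        raise ValueError("format 2 PIN block carries ASCII decimal digits only")
    if not 4 <= len(pin) <= 12:
        raise ValueError("format 2 PIN length must be 4..12 digits")
    nibbles = "2" + format(len(pin), "X") + pin   # control nibble, length nibble, digits
    nibbles = nibbles.ljust(16, "F")              # pad to 8 bytes (16 nibbles) with 0xF
    return bytes.fromhex(nibbles)


def fits_format2_block(pin: str) -> bool:
    """True if the given PIN/passphrase can be transported as a format 2 block."""
    try:
        encode_pin_block_format2(pin)
        return True
    except ValueError:
        return False


@dataclass(frozen=True)
class ReaderCaps:
    """Capabilities of a PIN-pad reader (assumed model for this example)."""
    has_pinpad: bool
    variable_length: bool               # reader accepts a min..max range from the host
    fixed_length: Optional[int] = None  # length an old fixed-length reader insists on


@dataclass(frozen=True)
class Policy:
    """Local host configuration (assumed model; not real gpgconf options)."""
    disable_pinpad: bool = False  # special case (1): always use keyboard pinentry
    fixed_length: int = 0         # special case (2): 0 / unset = take min-max from card


def choose_pin_entry(reader: ReaderCaps, card_min: int, card_max: int,
                     policy: Policy) -> Tuple[str, Optional[Tuple[int, int]]]:
    """Return ("keyboard", None) or ("pinpad", (min_len, max_len))."""
    # No pinpad at all, or the user explicitly disabled it: keyboard pinentry on the host.
    if policy.disable_pinpad or not reader.has_pinpad:
        return "keyboard", None
    if policy.fixed_length:
        n = policy.fixed_length
        # A configured fixed length outside the card's limits is a misconfiguration.
        if not card_min <= n <= card_max:
            raise ValueError(f"fixed length {n} outside card range {card_min}..{card_max}")
        # A variable-length reader is told min == max; an old reader must match exactly.
        if reader.variable_length or reader.fixed_length == n:
            return "pinpad", (n, n)
        return "keyboard", None
    if reader.variable_length:
        # Default: variable-length pinpad input with the card's min-max values.
        return "pinpad", (card_min, card_max)
    # Pinpad exists but only does fixed length and nothing special was requested.
    return "keyboard", None


if __name__ == "__main__":
    # Constructed sample values, not taken from any real card or reader.
    print(encode_pin_block_format2("123456").hex())
    print(fits_format2_block("correct horse"))
    print(choose_pin_entry(ReaderCaps(True, True), 6, 32, Policy()))
    print(choose_pin_entry(ReaderCaps(True, False, 8), 6, 32, Policy()))
    print(choose_pin_entry(ReaderCaps(True, False, 8), 6, 32, Policy(fixed_length=8)))
```

Run stand-alone, it prints the format 2 block for a constructed six-digit PIN, shows that a passphrase with letters and a space does not fit the format at all, and walks through the three reader/policy combinations the thread cares about: a compliant variable-length reader gets the card's min-max range, an old fixed-length reader falls back to the host keyboard unless the user has configured exactly its length.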