[PATCH] scd: Improve KDF-DO support

Achim Pietig achim at pietig.com
Mon Feb 12 18:17:54 CET 2018

Hello Arnaud,

as I understand Niibe's implementation correctly, the actual definition in the card should work.
If the flag for KDF is set in Extended capabilities, the KDF-DO shall be evaluated (is part of application data 6E; if not can be read separately with Tag F9).

If all child DOs (F9) are filled with valid data, the KDF-support is installed and the passwords are still set to this format.
If the DO is empty (810100 means empty) or not valid, the passwords are in standard format and can be set by any software that can handle that.
During changing the passwords to KDF-format, the KDF-DO must be set to a proper value.


On 12.02.2018 at 10:36, Arnaud Fontaine wrote:
> Hi,
> so you (will) have the same problem with the current implementation
> where KDF_ITERSALTED_S2K is systematically applied when the card
> supports KDF (bit set in the extended capabilities) and a KDF-DO is
> present (whatever its content).
> Cheers
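
The evaluation rule from the message above (KDF flag set, then inspect the content of DO F9 rather than its mere presence), as an added example that is not code from GnuPG or from either author. The function name `kdf_do_state`, the sample byte strings, and the child-DO meanings other than `81 01 00` (taken from my reading of the OpenPGP card specification) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum kdf_state { KDF_STANDARD = 0, KDF_ACTIVE = 1 };

/* Constructed sample KDF-DO values (not captured from a real card). */
static const uint8_t sample_empty[] = { 0x81, 0x01, 0x00 };
static const uint8_t sample_valid[] = {
    0x81, 0x01, 0x03,  0x82, 0x01, 0x08,  0x83, 0x04, 0x00, 0x10, 0x00, 0x00,
    0x84, 0x08, 1, 2, 3, 4, 5, 6, 7, 8 };
static const uint8_t sample_cut[] = {
    0x81, 0x01, 0x03,  0x82, 0x01, 0x08,  0x83, 0x04, 0x00 };

/* extcap_kdf: KDF flag from Extended capabilities; p/len: value of DO F9.
   Assumed from the card spec: 81 = 0x03 means KDF_ITERSALTED_S2K, 82 = hash
   (0x08 or 0x0A), 83 = 4-byte iteration count, 84 = PW1 salt. */
enum kdf_state kdf_do_state(int extcap_kdf, const uint8_t *p, size_t len)
{
    unsigned algo = 0, hash = 0;
    int have_iter = 0, have_salt = 0;
    size_t i = 0;

    if (!extcap_kdf || !p)
        return KDF_STANDARD;          /* card does not announce KDF */
    while (i < len) {
        if (len - i < 2 || p[i + 1] > 0x7f || (size_t)p[i + 1] > len - i - 2)
            return KDF_STANDARD;      /* truncated or long-form length: not valid */
        uint8_t tag = p[i], l = p[i + 1];
        const uint8_t *v = p + i + 2;
        if ((tag == 0x81 || tag == 0x82) && l != 1)
            return KDF_STANDARD;      /* algorithm and hash are one byte each */
        if (tag == 0x81) algo = v[0];
        else if (tag == 0x82) hash = v[0];
        else if (tag == 0x83) have_iter = (l == 4);
        else if (tag == 0x84) have_salt = (l > 0);
        i += 2 + (size_t)l;           /* other child DOs are skipped */
    }
    if (algo != 0x03 || (hash != 0x08 && hash != 0x0A))
        return KDF_STANDARD;          /* includes the empty DO 81 01 00 */
    return (have_iter && have_salt) ? KDF_ACTIVE : KDF_STANDARD;
}

int main(void)
{
    printf("empty=%d valid=%d cut=%d\n",
           kdf_do_state(1, sample_empty, sizeof sample_empty),
           kdf_do_state(1, sample_valid, sizeof sample_valid),
           kdf_do_state(1, sample_cut, sizeof sample_cut));
    return 0;
}
```

Falling back to the standard format on any malformed or incomplete DO matters because a client that hashes the PIN when the card expects it in plain form consumes a retry on every attempt.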
