Feature request for future OpenPGP card: force PIN
Werner Koch
wk at gnupg.org
Fri Feb 8 13:51:10 CET 2013
On Fri, 8 Feb 2013 11:09, peter at digitalbrains.com said:
> the same as for the signature key; both are a form of signatures. However, I'm
> not familiar with the rationale for adding the force signature PIN flag.
That is simply a requirement due to the German law about qualified
signatures. If someone wants to use the OpenPGP card specification to
setup a qualified signature system, this feature is needed. This is not
that I think this will ever be done, but back when we worked out the
specs it seemed to be a good idea to have such a feature.
In any case it is not a security measure because the host may simply
cache the PIN and and silently do a verify command before each sign
operation. To avoid that simple workaround, a pinpad reader which
filters the VERIFY command would be needed.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list