changing the user PIN for a smartcard in a script
Florin Andrei
florin at andrei.myip.org
Wed Oct 29 22:29:07 CET 2014
I'm programming the smartcards on a bunch of YubiKey NEO tokens. Before
I give the token to the user, I would like to allow them to pick a new
user PIN and set it. I don't need to know their PIN and I actually don't
*want* to know it.
Ideally, I would run a script, have the user type in the new PIN, and
the script would run "gpg --change-pin", do another thing with the PIN
string after that, then discard it.
The problem, of course, is that pinentry is launched. Now the user has
to type the PIN several times. It's cumbersome and error-prone.
I've learned how to disable the pinentry GUI...
export PINENTRY_USER_DATA="USE_CURSES=1"
...but that's not much better. I tried to write an Expect script with
autoexpect, but curses makes a mess of the Expect code.
I don't want to send the PIN to the clipboard and retrieve it with
CTRL-V, as that's not a good place for it to be, even temporarily.
Any ideas?
--
Florin Andrei
http://florin.myip.org/
More information about the Gnupg-users
mailing list