changing the user PIN for a smartcard in a script
Bernhard Reiter
bernhard at intevation.de
Fri Oct 31 15:23:17 CET 2014
On Wednesday 29 October 2014 at 22:29:07, Florin Andrei wrote:
> Ideally, I would run a script, have the user type in the new PIN, and
> the script would run "gpg --change-pin", do another thing with the PIN
> string after that, then discard it.
>
> The problem, of course, is that pinentry is launched. Now the user has
> to type the PIN several times. It's cumbersome and error-prone.
The idea of pinentry is that there is a most direct connection between
the user and the gpg-agent, holding the secret key. It does not want to let
other software do "another thing" with the PIN string. ;)
And then, of course, if a user is to set a new pin, he or she should be able
to easily type it in correctly a second time. >:)
You could develop your own pinentry application.
Note that pinentry-0.9 in some variants can do the two entries in one dialog.
Best,
Bernhard
--
www.intevation.de/~bernhard (CEO) www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20141031/adec369e/attachment.sig>
More information about the Gnupg-users
mailing list