private data objects on smartcard

Damien Goutte-Gattat dgouttegattat at incenp.org
Fri Jan 31 01:06:43 CET 2020


On Fri, Jan 31, 2020 at 12:55:05AM +0100, mailing list wrote:
>I hoped these objects may have been (read) protected by the PIN, but
>they're world readable if you have the card, a bit sad...

Only Private DOs #1 and #2 are readable without any PIN. Reading the 
private DO #3 requires the user PIN, and reading the private DO #4 
requires the admin PIN.

If no PIN has been verified, the --card-status command will only ever 
print out the contents of private DOs #1 and #2.

While we are at it, *writing* to the private DOs #1 and #3 requires the 
user PIN, and writing to the private DOs #2 and #4 requires the admin 
PIN.

You can find the details about those DOs and all the other features of 
the OpenPGP smart card in the specifications for the different versions, 
which are all available on GnuPG's site [1].


Cheers,

- Damien


[1] https://gnupg.org/ftp/specs/
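
The access rules described in the message above, as an added example that is not part of the original post or of GnuPG's code: a toy card model that answers VERIFY, GET DATA and PUT DATA APDUs for the four private DOs and lists what is readable with no PIN verified. The DO tags 0101 to 0104, the VERIFY references 82/83 and the status words come from the OpenPGP card and ISO 7816-4 specifications; the class, the PINs and the stored values are constructed, and retry counters are left out.

```python
# Added example: toy model of the private-DO access rules, not card firmware.
# Short APDUs only (CLA INS P1 P2 [Lc data]); PINs and values are constructed.
SW_OK = b"\x90\x00"
SW_DENIED = b"\x69\x82"      # security status not satisfied
SW_NOT_FOUND = b"\x6a\x88"   # referenced data not found (toy: also unknown INS)

USER, ADMIN = 0x82, 0x83     # VERIFY P2: user PIN (PW1), admin PIN (PW3)
# tag -> (PIN required to read, PIN required to write); None means no PIN
RULES = {0x0101: (None, USER), 0x0102: (None, ADMIN),
         0x0103: (USER, USER), 0x0104: (ADMIN, ADMIN)}

class ToyCard:
    def __init__(self, user_pin: bytes, admin_pin: bytes):
        self._pins = {USER: user_pin, ADMIN: admin_pin}
        self._verified = set()
        self._store = {tag: b"" for tag in RULES}

    def power_cycle(self) -> None:
        self._verified.clear()       # removing the card drops verified PINs

    def transmit(self, apdu: bytes) -> bytes:
        ins, p1, p2 = apdu[1], apdu[2], apdu[3]
        body = apdu[5:5 + apdu[4]] if len(apdu) > 5 else b""
        tag = (p1 << 8) | p2
        if ins == 0x20:                          # VERIFY
            if self._pins.get(p2) != body:
                return SW_DENIED
            self._verified.add(p2)
            return SW_OK
        if ins not in (0xCA, 0xDA) or tag not in RULES:
            return SW_NOT_FOUND
        need = RULES[tag][0 if ins == 0xCA else 1]
        if need is not None and need not in self._verified:
            return SW_DENIED
        if ins == 0xDA:                          # PUT DATA
            self._store[tag] = body
            return SW_OK
        return self._store[tag] + SW_OK          # GET DATA

def readable_without_pin(card: ToyCard) -> dict:
    """What anyone holding the card can read: GET DATA with no VERIFY."""
    card.power_cycle()
    out = {}
    for tag in RULES:
        resp = card.transmit(bytes([0x00, 0xCA, tag >> 8, tag & 0xFF, 0x00]))
        if resp[-2:] == SW_OK:
            out[tag] = resp[:-2]
    return out
```

Anything that should not be visible to whoever holds the card belongs in DO #3 or #4 rather than #1 or #2.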