PIN-Entry

[Werner Koch]

On Tue, 23 Oct 2001 23:07:30 +0100, Markus Montkowski said:

> Where can I get the doc, I would like to check if it is flexible
> enought to handle Different Reader classes (With and without PINpad
> and/or Display).

cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/aegypten checkout \
 aegypten-specs/assuan-pinentry.txt

Login in first, password "anoncvs".

However there is no need to check it against other specs because it is
an internal protocol between GpgAgent and PINEntry which are both
programs to be written for Aegypten.

> The biggest Problem I can see with readers is that there is no
> direct support in PC/SC for readers with thie features (Apparently
> thats planed for PC/SC 2.0)

We have not yet decided which API to use under GNU/Linux.

> The only API I know that covers PIN entry, Displays and even
> Biometrics is CT-API.  So even on windows with PC/SC you have to use
> CT_API to use these features.

Good to know, but it is nothing we have to care about now.  Using an
external keypad to unlock a software held secret-key is a nice feature
but security-wise we gain nothing from it.

> The PIN should be queried direcly from within the Crypto function.
> In the crypto transaction with the card the crypto function should issue

Have a look at the diagram on the web page.  We exactly do that.  A
reader requiring the host to retrieve the PIN from the keypad to send
it right back to the reader is not woththe money - any way to utilize
the keypad while a token is inserted is actually a security risk.


  Werner


p.s.
Can please check your MUA setup, there is something wrong with your
line wrapping - I had to reformat it for quoting purposes.

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus