PIN-Entry

Werner Koch wk@gnupg.org
Wed Oct 24 09:34:01 2001


On Tue, 23 Oct 2001 23:07:30 +0100, Markus Montkowski said:


> Where can I get the doc, I would like to check if it is flexible
> enough to handle Different Reader classes (With and without PINpad
> and/or Display).

  cvs -d :pserver:anoncvs@cvs.gnupg.org:/cvs/aegypten checkout \
      aegypten-specs/assuan-pinentry.txt

Log in first, password "anoncvs". However there is no need to check
it against other specs because it is an internal protocol between
GpgAgent and PINEntry which are both programs to be written for
Aegypten.

> The biggest Problem I can see with readers is that there is no
> direct support in PC/SC for readers with these features (Apparently
> that's planned for PC/SC 2.0)
We have not yet decided which API to use under GNU/Linux.
> The only API I know that covers PIN entry, Displays and even
> Biometrics is CT-API. So even on windows with PC/SC you have to use
> CT_API to use these features.
Good to know, but it is nothing we have to care about now. Using an external keypad to unlock a software held secret-key is a nice feature but security-wise we gain nothing from it.
> The PIN should be queried directly from within the Crypto function.
> In the crypto transaction with the card the crypto function should issue

Have a look at the diagram on the web page. We exactly do that. A
reader requiring the host to retrieve the PIN from the keypad to send
it right back to the reader is not worth the money - any way to
utilize the keypad while a token is inserted is actually a security
risk.

  Werner

p.s.
Can you please check your MUA setup, there is something wrong with
your line wrapping - I had to reformat it for quoting purposes.

--
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions        -- Augustinus