[Muscle] Secure PIN entry with variable legth
Karsten Ohme
widerstand at t-online.de
Mon Jan 28 15:05:22 PST 2008
Mathias Tausig schrieb:
>> AFAIK it is not possible to NOT padd a PIN using the PIN entry command
>> of a class2 reader. The CCID specification does not specify a no
>> padding option.
>>
>> My CCID driver has support of this feature with the SPR532 reader
>> using a proprietary command of the reader. The patch [1] was applied
>> two years ago and its use is not really documented (even in the source
>> code). If I am correct you just need to send an Class 1 APDU (CLA,
>> INS, P1, P2) and the reader will insert the PIN without padding.
>>
>> If you are not using the SPR532 reader I have no solution.
>>
>
> Sadly, no. It's an Omnikey Cardman 3621.
> Thank you anyway, the knowledge that I can stop trying, helps a bit, too...
See the CT BCS standard. You can sent a command to the terminal, which
builds for you the e.g ISO VERIFY command when the user has press the OK
button. If your reader supports it, then it might look like this:
VERIFY Terminal Length
20180100 08
Tag Length control byte insertion position of PIN ISO VERIFY
52 06 00 06 00200000
Or the PC/SC 2.0 spec defines also some commands if I remember correctly.
Regards,
Karsten
>
> cheers
> Mathias
>
> _______________________________________________
> Muscle mailing list
> Muscle at lists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
More information about the Muscle
mailing list