[Muscle] Secure PIN entry with variable length
Martin Paljak
martin at paljak.pri.ee
Tue Jan 29 02:53:55 PST 2008
Hi.
On Jan 28, 2008, at 4:00 PM, Mathias Tausig wrote:
>> AFAIK it is not possible to NOT pad a PIN using the PIN entry command
>> of a class2 reader. The CCID specification does not specify a no
>> padding option.
True. But as there are cards that work this way, maybe manufacturers
have a workaround.
>> My CCID driver has support of this feature with the SPR532 reader
>> using a proprietary command of the reader. The patch [1] was applied
>> two years ago and its use is not really documented (even in the
>> source code).
OpenSC makes use of this, but I'm afraid the documentation in the
OpenSC pinpad code is scarce as well. I know the same pinpad code in
OpenSC has been used on Windows with other reader drivers
successfully, but I can't recall if this was an Omnikey reader or not.
>> If I am correct you just need to send a Class 1 APDU (CLA,
>> INS, P1, P2) and the reader will insert the PIN without padding.
Exact.
> Sadly, no. It's an Omnikey Cardman 3621.
You can ask OmniKey if there is some proprietary protocol to allow
this feature. 3621 is supported by Estonian eID (which uses such PINs)
software via CT-API on Windows and most of the CT-API drivers these
days seem to be implemented on top of PCSC, thus I believe there is a
chance that the reader supports it and we just need to know the
proprietary method.
The first step would be to maybe try the same hack (extend the patch
to work with 3621), maybe this is a "standard" non-documented way.
m.
--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495
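
The two request shapes discussed in this thread, as an added example that is not part of the original message and is not code from OpenSC or the CCID driver: it packs a PC/SC part 10 PIN_VERIFY_STRUCTURE once around a padded VERIFY APDU and once around the header-only APDU (CLA, INS, P1, P2). The VERIFY header bytes, PIN reference, pad byte, length limits and format values are constructed for illustration; whether a given reader accepts the header-only form is reader-specific, as the thread says.

```python
import struct

# Fixed part of PIN_VERIFY_STRUCTURE (PC/SC part 10): 19 bytes, little-endian.
_HEADER = "<BBBBBHBBHB3sI"

def pin_verify_structure(apdu, fmt, block, min_len=4, max_len=12):
    """Wrap an APDU template in a PIN_VERIFY_STRUCTURE for the reader."""
    return struct.pack(
        _HEADER,
        0, 0,                      # bTimerOut, bTimerOut2: reader defaults
        fmt,                       # bmFormatString
        block,                     # bmPINBlockString
        0,                         # bmPINLengthFormat: no length byte in APDU
        (min_len << 8) | max_len,  # wPINMaxExtraDigit: min/max digits (assumed)
        0x02,                      # bEntryValidationCondition: validation key
        0x01,                      # bNumberMessage
        0x0409,                    # wLangId (assumed: en-US)
        0,                         # bMsgIndex
        b"\x00\x00\x00",           # bTeoPrologue
        len(apdu),                 # ulDataLength
    ) + apdu

def padded_verify(pin_ref, block_len=8, pad=0xFF):
    """Usual form: VERIFY with Lc and a fixed block the reader fills in."""
    apdu = bytes([0x00, 0x20, 0x00, pin_ref, block_len]) + bytes([pad]) * block_len
    # 0x82: byte units, PIN at offset 0, left justified, ASCII digits
    return pin_verify_structure(apdu, fmt=0x82, block=block_len)

def header_only_verify(pin_ref):
    """Form from the thread: only CLA, INS, P1, P2 and a zero-size PIN block."""
    apdu = bytes([0x00, 0x20, 0x00, pin_ref])
    return pin_verify_structure(apdu, fmt=0x82, block=0x00)

def summarize(blob):
    """Decode the fields that differ between the two forms."""
    fields = struct.unpack_from(_HEADER, blob)
    apdu = blob[struct.calcsize(_HEADER):]
    if len(apdu) != fields[-1]:
        raise ValueError("ulDataLength does not match the APDU template")
    return {"pin_block_bytes": fields[3] & 0x0F,
            "apdu": apdu.hex(),
            "header_only": len(apdu) == 4}

if __name__ == "__main__":
    for name, blob in (("padded", padded_verify(0x01)),
                       ("header-only", header_only_verify(0x01))):
        print(name, len(blob), summarize(blob))
```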