martin at martinpaljak
Jan 11, 2012, 1:01 AM
Post #7 of 11
Re: pinpad entry support in Git repository
[In reply to]
On Thu, Jan 5, 2012 at 03:37, NIIBE Yutaka <gniibe [at] fsij> wrote:
> Happy New Year, everyone!
> On 2011-12-19 at 12:59 +0900, NIIBE Yutaka wrote:
>> Thus, I wrote a python script. Attached is a program which tests PIN
>> entry using pinpad of card reader. It requires "Pyscard", smartcard
>> library for python. See http://pyscard.sourceforge.net/ for Pyscard.
>> This test program assumes that OpenPGP card v2 is inserted to it.
> I updated the test program for pinpad entry. It is also renamed (with
> no hyphen in the filename). Attached is the newest version, which is
> also available at:
> It is extensively tested with Vasco DIGIPASS 920. Note that the
> reader has firewall feature which doesn't allow VERIFY or CHANGE
> REFERENCE DATA command with data from host, but only allows pinpad
> entry by the reader. With no pinpad entry support, this reader were
> useless at all. It works well except --unblock --admin.
> I also tested with Gemalto's GemPC PinPad Smart Card Reader
> (08e6:3478) which has the firmware "GemTwRC2-V2.10-GL04".
> Unfortunately, it seems that this reader doesn't support variable
> length PIN.
> Please test your readers, it they come with pinpad. And let me know
> the result. Thanks again, in advance.
Did some testing with three readers that were not mentioned, which I
had available. Attached a small "report".
Reader 1: ACS non-CCID reader ACR83, with the vnedor-provided modified
CCID driver. Did not work at all.
Reader 2: Gemalto Ezio Shield (variant): PIN commands worked as
expected (with pinmax up to 32, I did not type 32 digits though),
plaintext PIN commands were disallowed with 6d00
Reader 3: Omnikey 3821: worked as expected with pinpad.
Also a small patch against pinpadtest.py as I have several readers I
It might make sense to make a "probing script" that would discover
deficiencies in reader firmwares (like require certain message bits
(some of them are fixed in the CCID driver) or require fixed PIN
Hope this helps,