2240 – Secure PIN entry for smartcards through the keypad on the reader (patch)

Bug 2240 - Secure PIN entry for smartcards through the keypad on the reader (patch)

Summary: Secure PIN entry for smartcards through the keypad on the reader (patch)

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh (show other bugs)
Version:	-current
Hardware:	All All

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Duplicates (1):	2185 (view as bug list)
Depends on:
Blocks:	V_6_9
	Show dependency tree / graph

Reported:	2014-05-07 16:12 AEST by Dirk-Willem van Gulik
Modified:	2016-08-02 10:41 AEST (History)
CC List:	3 users (show)

See Also:

Attachments
patch for secure PIN entry (1.42 KB, application/octet-stream) 2014-05-07 16:12 AEST, Dirk-Willem van Gulik	no flags	Details
Updated patch for same. (1.38 KB, patch) 2015-03-18 19:18 AEDT, Dirk-Willem van Gulik	no flags	Details \| Diff
Simplified/merged patch (1.40 KB, patch) 2015-03-18 19:30 AEDT, Dirk-Willem van Gulik	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk-Willem van Gulik 2014-05-07 16:12:26 AEST

Created attachment 2435 [details]
patch for secure PIN entry

Folks,

Find below a minor patch to allow the use of smartcards in readers that have their own
PIN entry keypads (Secure PIN entry) such as the SPR332 and most german/medical
chipcard devices.

Tested on Solaris, FreeBSD and MacOSX against various cards and drivers.

I’ve left the pkcs11_interactive check in place. Arguably - with some Secure PIN readers
it may be better to move this just in front of the keyboard entry ONLY; as there are some
secure PIN keypads that use means which are somewhat suitable to unattended 
operation. But I thought it better to let this wait until an actual use case warrants this
and/or the need for a special flag/argument to control such.

Thanks,

Dw.

Comment 1 Dirk-Willem van Gulik 2015-03-18 19:18:52 AEDT

Created attachment 2569 [details]
Updated patch for same.

Comment 2 Dirk-Willem van Gulik 2015-03-18 19:30:55 AEDT

Created attachment 2570 [details]
Simplified/merged patch

Comment 3 calderon.thomas 2015-03-30 22:47:19 AEDT

Hi,

I can confirm that this works with Gemalto and Xiring USB readers with PinPad.

It would be greatly appreciated if this is merged for the next release.

Cheers,

Thomas.

Comment 4 Damien Miller 2015-04-20 14:30:18 AEST

*** Bug 2185 has been marked as a duplicate of this bug. ***

Comment 5 Damien Miller 2015-05-27 15:44:08 AEST

This has been committed and will be in openssh-6.9. The final patch is:

https://anongit.mindrot.org/openssh.git/patch/?id=a71ba58adf34e599f30cdda6e9b93ae6e3937eea

Comment 6 Damien Miller 2016-08-02 10:41:23 AEST

Close all resolved bugs after 7.3p1 release