-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Single PIN #145
Comments
I don't think this is part of the standard. It is part of gnuk under the name "admin less" mode, which is entered by changing the user pin away from the default before changing the admin pin. |
I think this is a pretty confusing feature. It is enabled by doing an action that has no indication to be enabling this, and there is no UI to report this. I think at best a compromise would be to enable it explicitly through nitropy or the nitrokey app instead of doing it implicitly. |
Explicit configuration sounds good |
Would it be problematic for the client software, if Single PIN would be made the default behavior? |
No. However it would be very confusing for someone used to other gpg smartcards, and ui would still ask for the both pins when only one is expected. I do agree that this is a feature that makes a lot of sense though, and I understand why gnuk does it this way: if you change the user pin but keep the admin pin default, you can still reset the user pin using the default admin pin, which can be dangerous for a user that doesn't think about changing the admin pin. |
That's true, but perhaps indifferent for the low-tech user. The target audience for this solution is a person not used to smart cards, hence it sounds sensible to make it a default. This solution is similar to FIDO2 single PIN. |
OpenPGP Card specification allows to unify User PIN and Admin PIN. This would be a nice feature for Opcard.
The text was updated successfully, but these errors were encountered: