[Gnuk-users] [PATCH RFC] Requiring a physical presence for authentication

[Jeremy Drake]

On Fri, 11 Aug 2017, NIIBE Yutaka wrote:

> For me, button's interfering the computation of device without informing
> host sounds not good.  In my opinion, it is better to improve the
> protocol between host and the token.  I mean, it is better for host
> to know what's going on between user and the device.

I was going to reply to the previous message...  Apparently such a feature 
was added to the OpenPGP card in verson 3.0 of the specification.  Quotes 
from version 3.3:


  4.1.3.2 General feature management

In the OpenPGP card application the optional DO “General feature 
management” ('7F74') may be available directly after SELECT as single DO 
and in between the “Application Related Data” ('6E'). The DO announced 
additional hardware for user interaction, if present the User Interaction 
Flag (UIF) in the related DOs shall be evaluated. The DO contains a data 
object with Tag '81' with the following content (only first byte):

...

Actual only the behaviour for Button is defined, e. g. '7F74 03 81 01 20' 
announces a button. ISO defines more bytes for additional features, they 
are not used by the OpenPGP card at the moment.

  4.4.3.5 User Interaction Flag

The optional feature User Interaction Flag adds a special behaviour to the 
related commands. If the flag is enabled (or permanently enabled) and a 
button or keypad is present, the related function will only run if a 
special button (on a keypad ENTER button) on the card or device is pressed 
by the user. This is a security function against viruses/trojans that try 
to call the functions on the card without knowledge of the user. The flags 
are evaluated by the card and can be changed by the card holder with the 
admin password (optional). Cards may support a permanently enabling for a 
flag, in that case the value cannot be changed any more (except factory 
reset). If the user did not finish the action (abort, timeout) the card 
should answer with SW1SW2 = 6600