Page MenuHome GnuPG

Filter APDUs in log output
Open, LowPublic

Description

For remote debugging it is often necessary to ask a user for a logfile from scdaemon. Although we filter most sensitive information out in log files, this is not the case for --debug cardio and --debug-ccid-driver. In particular it is possible to view the PIN of a user during a VERIFY or CHANGE REFERENCE DATA.

We should filter those APDUs as well and hide the actual PIN by default.