Page MenuHome GnuPG
Create Task
Maniphest T6787

Kleopatra: Add pinentry counters to smart card management view
Testing, NormalPublic
Actions

Description

The pinentry counter information should be added to the view.

Maybe we should add a new subsection for this?
When redesign is necessary keep T6420 in mind which relates to the action buttons in that view, which might need another row.

See also T7018: Kleopatra: Separate smartcard window with simplified layout.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRAcc90b5e598bb Update label and add tool tip for the PIN counters
rKLEOPATRA7dd02a4962f2 Trigger a smart card update if a smart card command failed
rKLEOPATRA394f2eb16cc3 Ensure that the PIN counters are updated when they changed
rKLEOPATRAf29b9ab161ee Show the PIN retry counters for OpenPGP smart cards

Related Objects
Search...

Event Timeline

ebo created this task.Oct 31 2023, 3:28 PM
werner triaged this task as Normal priority.Nov 2 2023, 8:21 AM
alexk removed a project: vsd33.Apr 30 2024, 4:03 PM
ikloecker claimed this task.Jun 12 2024, 2:21 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker updated the task description. (Show Details)
ikloecker added a comment.Jun 12 2024, 3:38 PM

I gathered the CHV-STATUS information of a few cards.

For OpenPGP v2+ (?) the CHV-STATUS values are well-defined: 7 integers where the last 3 are the retry counters. Examples:

  • Yubikey OpenPGP v2.1: " 255 127 127 127 3 3 3" -> PIN: 3, Reset Code: 3, Admin PIN: 3
  • Zeitcontrol OpenPGP v3.4: " 0 64 64 64 3 0 3" -> Reset Code: 0 which means either Reset Code not set or no retries left

Other cards can have arbitrary many counters; some also provide labels for the counters:

  • Signature Card V2.0: "3 3 -4 0" -> -4 means "NullPIN is still active"; first two counters are for normal keys; the others are for qualified signatures
  • Dark-blue card: "3 10 10 10" with CHV-LABEL "PIN SO-PIN Extra_PIN_#0 Extra_PIN_#1"
  • White card: "3 5" with CHV-LABEL "User_Pin SO_Pin"
  • Genua card: "3 2" with CHV-LABEL "SC1_Sierra_Tango Security_Officer_PIN"

I doubt that it makes much sense to show normal users the "random" counters of the other cards. I will first implement it for OpenPGP cards only.

ikloecker added a commit: rKLEOPATRAf29b9ab161ee: Show the PIN retry counters for OpenPGP smart cards.Jun 13 2024, 11:10 AM
ikloecker added a commit: rKLEOPATRA394f2eb16cc3: Ensure that the PIN counters are updated when they changed.Jun 13 2024, 11:29 AM
ikloecker added a commit: rKLEOPATRA7dd02a4962f2: Trigger a smart card update if a smart card command failed.Jun 13 2024, 12:01 PM
ikloecker changed the task status from Open to Testing.Jun 13 2024, 12:11 PM

Done. This is how it looks like:

I'm wondering whether "PIN counters:" would be sufficient as label. We may anyway want to add a tool tip to explain what the counters actually mean. And/Or we document this in the manual.

ebo added a comment.Jun 13 2024, 1:36 PM

I'd say "PIN counters:" is enough in combination with a tool tip. An additional documentation in a manual is always nice, of course. But do we really need the "PIN" here? As long as after the colon PIN, PUK, etc is listed, I think we could drop it here and say "Retry counters"
One could also contemplate using something like "No. of tries left".

ikloecker added a comment.Jun 13 2024, 2:32 PM

gpg uses "Remaining attempts:" for the pinentry. I'll use this also in Kleopatra so that the users can more easily recognize that this is the same information.

ikloecker added a commit: rKLEOPATRAcc90b5e598bb: Update label and add tool tip for the PIN counters.Jun 13 2024, 5:15 PM
ikloecker mentioned this in T7134: Kleopatra: Allow PIN reset with Admin-PIN.Jul 16 2024, 9:52 AM