Add an option to specify the private DO slot where the key is
to be read, instead of always using private DO #1.
Note that reading from private DOs 3 and 4 will fail if the
appriopriate PIN has not been verified prior the call to
scdtotp.
Allow to chose the HMAC algorithm among SHA-1, SHA-256 and
SHA-512. Other algorithms are available in libgcrypt but those
are the only one specified in RFP 6238.
Add a new tool, scdtotp, to use the OpenPGP smartcard as a poor
man’s one-time password token. The program reads a key from
the smartcard’s private DO and derives and time-based one-time
password from it.
We will use some libgcrypt functions, such as the error handling
functions, so make sure it os present and usable (the programs
already depends on Scdaemon being available, so we are not adding
any new dependency--all of GnuPG should already be there).
When using both -L and -t option (looping for a given number of
times, adding entropy only when needed), decrement the loop counter
only when entropy is actually added to the pool, not when we are
merely waiting for the available entropy to fall below the
requested threshold.
Allow the program to run in loop mode, where it will get random
data from the card at regular interval. The loop can be infinite,
or limited to a specified number of iterations.
Introduce the MAX_RANDOM_BYTES and DEFAULT_RANDOM_BYTES constants
to represent the maximum number of random bytes that can be
requested and the default number of requested bytes, respectively.
Add the code to send the random bytes received from the card to the
kernel entropy pool.
This requires root privileges, while the scdaemon usually runs on
behalf on a normal user, so the program will probably have to be run
as setuid root. To reduce the amount of code running with root
privileges, a new process is started to take care of actually sending
random bytes to the kernel entropy pool. The rest of the program,
running in the parent process, can drop its root privileges, as they
are not required to communicate with scdaemon.
This is scdrand, a program that will connect to a running scdaemon
(the daemon used by GnuPG to access smart cards) and extract
random numbers generated by a smart card.
