Re: Changing PINs of German bank card

[Guan Xin]

On Tue, Jul 11, 2017 at 1:52 AM, Matthias Apitz  wrote:

>
> Nowadays some German banks allow changing the PIN in the Teller
> Machines. I saw it today in an ATM of the Sparkasse. Amex allows (or
> allowed) requesting a new personal PIN by fax.
>
> Interesting ... Just closed my Sparkasse account since everyday every
clerk of them has a different answer to exactly the same question and I'm
unable follow them.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Changing PINs of German bank card

[Guan Xin]

On Tue, Jul 11, 2017 at 1:38 AM, Ingo Klöcker  wrote:

>
> ... and that would very often be either 1234[56] or the card owner's
> date of birth as we all know. A random 4-digit PIN randomly chosen by
> the bank is certainly safer than this.
>
> Yes, that's true.


> German banks require you to destroy the PIN letter after memorizing the
> PIN. You are not supposed to keep the letter. If you want to follow
> their method then write your PIN on a piece of paper, memorize the PIN
> and then burn or eat the piece of paper. ;-)
>
> Sometimes they circulate the permanent PIN for two weeks in German Post
before delivery. Looks like I'm the last to read it.

Two  other advantages (correct me if I'm mistaken) of self-invented PINs
are, I think,
1) One can prepare and remember the PIN in advance, so there is practically
no need to write it down;
2) A PIN letter is only something I have, while my own PIN record is in
addition something I know. i.e., it may not be obvious to someone else to
be a PIN record / reminder.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Changing PINs of German bank card

[MFPA]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



On Monday 10 July 2017 at 8:24:28 PM, in
,
gnupg-users.d...@o.banes.ch wrote:-


> In e.g. switerland it is normal to change your PIN -
> which is most time
> 6 Digits long.

In the UK bank card PINs are almost exclusively 4 digits long. The
bank allocates a PIN initially, but the customer can usually change it
as often as they like at an ATM that supports PIN changes.

- --
Best regards

MFPA  

Hard work never killed anyone, but why take a risk?
-BEGIN PGP SIGNATURE-

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWWQQEV8UgAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5PYiAP9EsNwdiB/SIfTLFBdfUvZZoRXP45DGJS7pIbRFK/+hTAEAs3wPoT9uSXhV
cw1zh3xFCanohsHofRcWzoa5wB1pYAuJAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWWQQF18UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8LF2B/9B5cN54cApj+jdAge2m7M0VRXB
VQVbGSxnlCniGJnLAsN69KffCV9RkHsQtj0lYM6j1AbStJd2PJUh7ZFK2mMPhtOl
SNYaXgFJL/8nEqM84NKI1GdxOWhd5wiQ82zbpiqDV0R4GjGnswudjjVfIXjJanGx
3tf6SknBCCW2KSeg9rOqBJP9PKA2EpDbEx0Ol8Wacg0tH/zVlXUPnwqPb8ezYsNS
DyrSW+ndCNUNVEgFGpZpJXENe9MyP6D9RD0hSHfIY+J6BWQZ/UeM/21eDE9o50e9
dGA+a0SyDPbRx+A6CaGBvcfVZWbCcQgfyHEmL92ZQBGD/Fcnefn2WM1SAy7Z
=JVCv
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Changing PINs of German bank card

[gnupg-users . dirk]

since german bankingcards / even girocard should comply to EMV Standard
a change of PIN via Issuer Script should be possible - if the issuer -
your bank - supports it.

FYI: You have to change the PIN in the Card for offline validation  and
the PIN stored in the issuers backed.

In e.g. switerland it is normal to change your PIN - which is most time
6 Digits long.

best regards

Dirk

On 10.07.2017 19:52, Matthias Apitz wrote:
> El día lunes, julio 10, 2017 a las 11:42:12p. m. +0800, Guan Xin escribió:
>
>> This is probably a general question --
>>
>> I have never seen a German bank that allows changing the PIN of a card.
>> So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
>> mailed in clear text really safer than using a 4 to 6 digit variable length
>> PIN that never explicitly appears anywhere.
> Nowadays some German banks allow changing the PIN in the Teller
> Machines. I saw it today in an ATM of the Sparkasse. Amex allows (or 
> allowed) requesting a new personal PIN by fax.
>
>   matthias
>
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: storing PINs of credit / EC cards with GnuPG

[Heinz Diehl]

On 10.07.2017, Matthias Apitz wrote: 

> This question is perhaps only for German users of GnuPG. In the past
> German banks and credit institutes prohibited the storing of PIN numbers
> etc. on personal computer systems

Does anybody care?

> even claiming that in the case of storing
> they would not have been responsible anymore for the abuse of stolen
> credit cards.

..what still has to be proofed in case this happens.

> What is the current situation about this issue in the German law if such
> PIN numbers are stored ciphered with GnuPG?

If storing the PIN on personal computers is prohibited, then... it's
prohibited.

Cheers, Heinz (not living in Germany and storing all PINs within a
password manager)


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Changing PINs of German bank card

[Matthias Apitz]

El día lunes, julio 10, 2017 a las 11:42:12p. m. +0800, Guan Xin escribió:

> This is probably a general question --
> 
> I have never seen a German bank that allows changing the PIN of a card.
> So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
> mailed in clear text really safer than using a 4 to 6 digit variable length
> PIN that never explicitly appears anywhere.

Nowadays some German banks allow changing the PIN in the Teller
Machines. I saw it today in an ATM of the Sparkasse. Amex allows (or 
allowed) requesting a new personal PIN by fax.

matthias
-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Changing PINs of German bank card

[Ingo Klöcker]

On Monday 10 July 2017 23:42:12 Guan Xin wrote:
> This is probably a general question --
> 
> I have never seen a German bank that allows changing the PIN of a
> card. So I wonder if it is because using a fixed (non-changeable)
> 4-digit PIN mailed in clear text really safer than using a 4 to 6
> digit variable length PIN that never explicitly appears anywhere.

... and that would very often be either 1234[56] or the card owner's 
date of birth as we all know. A random 4-digit PIN randomly chosen by 
the bank is certainly safer than this.


> If German banks are right, then should I follow their method and store
> the PINs of my OpenPGP cards on a piece of paper?

German banks require you to destroy the PIN letter after memorizing the 
PIN. You are not supposed to keep the letter. If you want to follow 
their method then write your PIN on a piece of paper, memorize the PIN 
and then burn or eat the piece of paper. ;-)


Regards,
Ingo


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Changing PINs of German bank card

[Guan Xin]

This is probably a general question --

I have never seen a German bank that allows changing the PIN of a card.
So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
mailed in clear text really safer than using a 4 to 6 digit variable length
PIN that never explicitly appears anywhere.

If German banks are right, then should I follow their method and store the
PINs of my OpenPGP cards on a piece of paper?

Guan
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: storing PINs of credit / EC cards with GnuPG

[Julian H. Stacey]

> Hello,
> This question is perhaps only for German users of GnuPG. In the past
> German banks and credit institutes prohibited the storing of PIN numbers
> etc. on personal computer systems, even claiming that in the case of storing
> they would not have been responsible anymore for the abuse of stolen
> credit cards.
> 
> What is the current situation about this issue in the German law if such
> PIN numbers are stored ciphered with GnuPG?
> 
> Thanks
> 
>   matthias

Hi Matthias cc gnupg-users@
Others that might know: German SAGE (Sys Admin Guild)
http://guug.de/sage/index.html
1.5 hours back I posted to SAGE/Munich suggesting a beer garden tonight.
https://lists.guug.de/cgi-bin/mailman/listinfo/sage-muc

Cheers,
Julian
-- 
Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer
 Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
 http://berklix.eu/brexit/#700k_stolen_votes

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gpgme - raw RSA operation using GPG public/private keys?

[gnupg-user]

Hello everybody!

I am looking for a "simple" way to use a GPG public/private RSA key to
do "raw" RSA operations. I have the impression, that gpgme only deals
with "real" OpenPGP data structures, but this does not fit my use case.
This is for an application that is currently based on openssl crypto.

I do have a "plan-b" if there is no simpler way, but given the gpgme,
libgcrypt ecosystem (which I have not really used before) I hope that I
will not have to use this:

  * use gpgme to access gnupg keyrings
  * "export" a key using as an OpenPGP key into an in-memory buffer
  * parse this key from the buffer - extracting RSA numbers
  * put the RSA values into an openssl RSA key structure
  * do the crypto using openssl

This does work - I tested this up to the fourth bullet... but there
surely must be a better way however, looking at the gpgme docs I can
find no obvious candidates for RSA operations - gpgme_op_encrypt does
not what I need, as it constructs a PGP message, where I assume it uses
a session key and encrypts that using RSA...


peter

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

storing PINs of credit / EC cards with GnuPG

[Matthias Apitz]

Hello,

This question is perhaps only for German users of GnuPG. In the past
German banks and credit institutes prohibited the storing of PIN numbers
etc. on personal computer systems, even claiming that in the case of storing
they would not have been responsible anymore for the abuse of stolen
credit cards.

What is the current situation about this issue in the German law if such
PIN numbers are stored ciphered with GnuPG?

Thanks

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users