--- opensc-0.10.0/man/pkcs15-crypt.1.orig 2005-12-07 13:24:17.000000000 -0200
+++ opensc-0.10.0/man/pkcs15-crypt.1 2005-12-07 13:25:02.000000000 -0200
@@ -78,6 +78,8 @@
 When the cryptographic operation requires a PIN to access the key, \fBpkcs15\-crypt\fR will prompt the user for the PIN on the terminal\&. Using this option allows you to specify the PIN on the command line\&. Note that on most operating systems, the command line of a process can be displayed by any user using the ps(1) command\&. It is therefore a security risk to specify secret information such as PINs on the command line\&.
+.IP
+If you specify '-' as PIN, it will be read from STDIN.
 .TP
 \fB\-\-verbose, \-v\fR
--- opensc-0.10.0/src/tools/pkcs15-crypt.c.orig 2005-12-07 11:46:56.000000000 -0200
+++ opensc-0.10.0/src/tools/pkcs15-crypt.c 2005-12-07 12:02:51.000000000 -0200
@@ -78,7 +78,7 @@
 "Input file is a SHA-1 hash",
 "Input file is a MD5 hash",
 "Use PKCS #1 v1.5 padding",
- "Uses password (PIN) <arg>",
+ "Uses password (PIN) <arg> (use - for reading PIN from STDIN)",
 "Wait for card insertion",
 "Verbose operation. Use several times to enable debug output.",
 };
@@ -87,14 +87,34 @@
 sc_card_t *card = NULL;
 struct sc_pkcs15_card *p15card = NULL;
+char *readpin_stdin()
+{
+ char buf[128];
+ char *p;
+
+ p = fgets(buf, sizeof(buf), stdin);
+ if (p != NULL) {
+ p = strchr(buf, '\n');
+ if (p != NULL)
+ *p = '\0';
+ return strdup(buf);
+ }
+ return NULL;
+}
+
 static char * get_pin(struct sc_pkcs15_object *obj)
 {
 char buf[80];
 char *pincode;
 struct sc_pkcs15_pin_info *pinfo = (struct sc_pkcs15_pin_info *) obj->data;
- if (opt_pincode != NULL)
- return strdup(opt_pincode);
+ if (opt_pincode != NULL) {
+ if (opt_pincode[0] == '-')
+ return readpin_stdin();
+ else
+ return strdup(opt_pincode);
+ }
+
 sprintf(buf, "Enter PIN [%s]: ", obj->label);
 while (1) {
 pincode = getpass(buf);
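Review bot: The new test in get_pin(), `if (opt_pincode[0] == '-')`, diverts every PIN argument that merely begins with '-' to stdin, whereas the man page and usage text added by this patch describe only the exact value '-'; `if (strcmp(opt_pincode, "-") == 0)` would match the documented behaviour. In readpin_stdin() the PIN is left in the stack buffer `buf` after `strdup(buf)`, and an input line longer than 127 bytes is silently truncated with the remainder left unread on stdin; wiping `buf` before every return and rejecting a line that filled the buffer without a newline would close both gaps. The helper is also declared without `static` or a `(void)` parameter list, unlike the `static` get_pin() next to it, so `static char *readpin_stdin(void)` is the better signature. get_pin() continues past the end of the hunk, so how its callers handle the NULL returned when stdin is at EOF cannot be checked from here.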