OpenPGP card reset procedure

Werner Koch wk at gnupg.org
Thu Mar 7 14:49:45 CET 2013


On Wed, 27 Feb 2013 14:00, niels at dest-unreach.be said:

> sending 4 VERIFY-commands with the same (wrong) PINcode.
> It next locks the Admin PIN using a similar procedure.

Right.

> According to my understanding, this will ACTIVATE FILE, and next
> TERMINATE DF.
>
> While the spec seems to indicate the reverse should be done:

You are right, I once messed it up somewhere but meahwhile my
gpg-connect-agent script to reset the card is:

/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 44 00 00
scd apdu 00 e6 00 00
/echo card has been reset to factory defaults

Which is as it should be.

> Either way, the procedure (with first ACTIVATE and next TERMINATE) seems
> to work, I just don't understand how...

That is a bug in the card.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list