From pollo at debian.org Sat Mar 6 22:35:08 2021 From: pollo at debian.org (=?UTF-8?Q?Louis-Philippe_V=c3=a9ronneau?=) Date: Sat, 6 Mar 2021 16:35:08 -0500 Subject: Changing the default Pin Retry number Message-ID: <92291dbc-8f00-b19f-336d-6ae5fb956ae2@debian.org> Hi! I've setup a Nitro Start and I was wondering if there is a way to change the default Pin Retry number? 3 is a little low for me and I'd prefer to use 5. I've found this, but it seems to be Yubikey specific, as it doesn't work for my token: https://developers.yubico.com/ykneo-openpgp/PinRetries.html Cheers, -- ??????? ??????? Louis-Philippe V?ronneau ?????? pollo at debian.org / veronneau.org ??? -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: From szczepan at nitrokey.com Mon Mar 8 18:15:30 2021 From: szczepan at nitrokey.com (Szczepan Zalega | Nitrokey) Date: Mon, 8 Mar 2021 18:15:30 +0100 Subject: Changing the default Pin Retry number In-Reply-To: <92291dbc-8f00-b19f-336d-6ae5fb956ae2@debian.org> References: <92291dbc-8f00-b19f-336d-6ae5fb956ae2@debian.org> Message-ID: <8bc60fb3-8f31-f7d4-67a5-0ff758ba0149@nitrokey.com> On 3/6/21 10:35 PM, Louis-Philippe V?ronneau wrote: > I've setup a Nitro Start and I was wondering if there is a way to change > the default Pin Retry number? 3 is a little low for me and I'd prefer to > use 5. > > I've found this, but it seems to be Yubikey specific, as it doesn't work > for my token: > > https://developers.yubico.com/ykneo-openpgp/PinRetries.html > Hi! Nitrokey Start / GNUK does not offer such feature unfortunately. You can however rebuild the firmware with the changed constant named PASSWORD_ERRORS_MAX [1][2]. Maximum value should fit into 1 byte (less than 256). At [5] you should find the build script for development, and [6] used for the release. Procedure like mentioned in the linked docs could be realized by adding a custom command, like the INS_SET_IDENTITY - see [3][4]. Best regards, Szczepan [1] src/openpgp-do.c:44 [2] https://github.com/Nitrokey/nitrokey-start-firmware/blob/gnuk1.2-regnual-fix/src/openpgp-do.c#L44 [3] https://github.com/Nitrokey/nitrokey-start-firmware/blob/gnuk1.2-regnual-fix/src/openpgp.c#L1547 [4] https://github.com/Nitrokey/nitrokey-start-firmware/blob/gnuk1.2-regnual-fix/src/openpgp.c#L914 [5] https://github.com/Nitrokey/nitrokey-start-firmware/blob/gnuk1.2-regnual-fix/docker/Makefile [6] https://github.com/Nitrokey/nitrokey-start-firmware/blob/gnuk1.2-regnual-fix/prebuilt/build_all.sh -- Szczepan Zalega Senior Software Developer Nitrokey GmbH https://www.nitrokey.com Email: szczepan at nitrokey.com Nickname: szszszsz Rheinstr. 10 C, 14513 Teltow, Germany CEO / Gesch?ftsf?hrer: Jan Suhr Register: AG Potsdam, HRB 32882 P VAT ID / USt-IdNr.: DE300136599