Terminating and reactivating an OpenPGPCard and/or CryptoStick

Peter Koch pk at opensc-project.org
Thu Jul 29 20:35:20 CEST 2010


Hi Werner (and of course anybody else who wants to answer the
following question)!

I would like to reset a CryptoStick. As you might know a CryptoStick
is a USB card reader with a builtin OpenPGP V2 card.

According to the handbook this should be easy. Just a TERMINATE DF
followed by an ACTIVATE FILE.

But the handbook also mentions that some OpenPGP cards might support
these commands and others might not. And the last three historical bytes
will answer the question whether a card has TERMINATE/ACTIVATE-support or not.

The ATR of my CryptoStick is:
3B:FA:13:00:FF:81:31:80:45:00:31:C1:73:C0:01:00:00:90:00:B1, so the last three
historical bytes are 00:90:00 and page 27 of the OpenPGP V2 manual explains:

> The last 3 bytes of the Historical bytes in this format are a status indicator
> byte and two processing status bytes SW1/SW2 (normally 9000).
>
> The status indicator byte is evaluated by the OpenPGP application as follows:
>
> 00 = No information given
>      Card does not offer life cycle management, commands TERMINATE DF and ACTIVATE FILE are not supported
> 03 = Initialisation state
>      OpenPGP application can be resetted to default values with an ACTIVATE FILE command
> 05 = Operational state (activated)
>      Card supports life cycle management, commands TERMINATE DF and ACTIVATE FILE are available

So should I nevertheless block all my PINs and give it a try??

Peter
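
Added example, not part of the original post or of the OpenPGP card manual: a small ATR parser that walks the ISO/IEC 7816-3 interface bytes, verifies the TCK checksum, and reads the status indicator from the historical bytes of the ATR quoted above. The function names and the shortened wording in `STATUS` are this example's own; the meanings follow the table quoted in the post.

```python
from functools import reduce
from operator import xor

ATR = "3B:FA:13:00:FF:81:31:80:45:00:31:C1:73:C0:01:00:00:90:00:B1"  # from the post

# Status indicator meanings as quoted in the post (OpenPGP V2 manual, page 27).
STATUS = {
    0x00: "no information given; TERMINATE DF / ACTIVATE FILE not supported",
    0x03: "initialisation state; ACTIVATE FILE resets the application",
    0x05: "operational state; TERMINATE DF / ACTIVATE FILE available",
}

def historical_bytes(atr: bytes) -> bytes:
    """Walk the ISO/IEC 7816-3 interface bytes and return the historical bytes."""
    if len(atr) < 2 or atr[0] not in (0x3B, 0x3F):
        raise ValueError("bad TS byte")
    k, y = atr[1] & 0x0F, atr[1] >> 4     # T0: K historical bytes, Y1 presence bits
    pos, need_tck = 2, False
    while y:
        pos += bin(y & 0x7).count("1")    # skip TAi, TBi, TCi where flagged
        if not y & 0x8:                   # no TDi: interface bytes end here
            break
        if pos >= len(atr):
            raise ValueError("ATR truncated in interface bytes")
        td = atr[pos]
        pos += 1
        need_tck |= (td & 0x0F) != 0      # TCK follows unless only T=0 is offered
        y = td >> 4
    end = pos + k
    if len(atr) != end + need_tck:
        raise ValueError("ATR length does not match T0/TDi")
    if need_tck and reduce(xor, atr[1:]) != 0:
        raise ValueError("TCK checksum mismatch")
    return atr[pos:end]

def life_cycle_status(atr_text: str):
    """Return (status indicator, SW1SW2 hex, meaning) for a colon-separated ATR."""
    hist = historical_bytes(bytes.fromhex(atr_text.replace(":", "")))
    # Category indicator 0x00 (ISO/IEC 7816-4): the last three bytes are the
    # status indicator followed by SW1/SW2, the format the quoted page describes.
    if len(hist) < 4 or hist[0] != 0x00:
        raise ValueError("no trailing status indicator in this format")
    lcs = hist[-3]
    return lcs, hist[-2:].hex().upper(), STATUS.get(lcs, "not in the quoted table")

if __name__ == "__main__":
    print(life_cycle_status(ATR))
```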
