OpenPGP card: verify or set a PIN -> "Conditions of use not satisfied" (69 85)

Chris Boyle chris at boyle.name
Thu Aug 25 23:11:39 CEST 2011


Hi, I'm not sure whether this is a GPG problem as such (and if not, I
would appreciate a pointer to a suitable list), but I just received an
OpenPGP v2 card today from Kernel Concepts and am encountering
"Conditions of use not satisfied" when trying to verify or change
either of the PINs. An example log, trying to verify the default admin
PIN, is:

scdaemon[11914]: chan_7 -> INQUIRE NEEDPIN |A|Please enter the Admin PIN
scdaemon[11914]: chan_7 <- [ 44 20 31 32 33 34 35 36 37 38 00 00 00 00
00 00 ...(76 byte(s) skipped) ]
scdaemon[11914]: chan_7 <- END
2011-08-25 21:49:08 scdaemon[11914] DBG: send apdu: c=00 i=20 p1=00
p2=83 lc=8 le=-1 em=0
2011-08-25 21:49:08 scdaemon[11914] DBG:  raw apdu: 00 20 00 83 08 31
32 33 34 35 36 37 38
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   dwLength ..........: 13
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSlot .............: 0
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSeq ..............: 204
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bBWI
..............: 0x04
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:
wLevelParameter ...: 0x0000
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0010]  00 20
00 83 08 31
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0016]  32 33
34 35 36 37 38
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver: RDR_to_PC_DataBlock:
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   dwLength ..........: 2
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSlot .............: 0
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSeq ..............: 204
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bStatus ...........: 0
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0010]  69 85
2011-08-25 21:49:08 scdaemon[11914] DBG:  response: sw=6985  datalen=0
2011-08-25 21:49:08 scdaemon[11914] verify CHV3 failed: Conditions of
use not satisfied
scdaemon[11914]: chan_7 -> ERR 100663427 Conditions of use not satisfied <SCD>

The only discussions I could find of people seeing this error in this
situation were where people had deny-admin set, which I don't.

The reader is a Vasco DP855 which I received new a few days ago. I
have no other reader. I have tried the reset-to-factory-defaults file,
which did not change my results.

Does anyone have any idea what might cause this response? I looked at
the OpenPGP v2 spec and it just mentioned it as a possible error, not
causes.

Thanks,
-- 
Chris Boyle
http://chris.boyle.name/



More information about the Gnupg-devel mailing list