OpenPGP card: verify or set a PIN -> "Conditions of use not satisfied" (69 85)

Fri Aug 26 15:45:13 CEST 2011

Hi,

I just checked your reader, it is a PIN-PAD. These devices may have a mode that they trace the APDUs for a PIN command
and try to redirect it to the keyboard and display.
It is possible that this reader recognizes the 0020 command, but cannot interprete the data (no banking format e.g.).
In that case the error 6985 comes from the reader itself...

Regards,
Achim

Am 25.08.2011 23:11, schrieb Chris Boyle:
> Hi, I'm not sure whether this is a GPG problem as such (and if not, I
> would appreciate a pointer to a suitable list), but I just received an
> OpenPGP v2 card today from Kernel Concepts and am encountering
> "Conditions of use not satisfied" when trying to verify or change
> either of the PINs. An example log, trying to verify the default admin
> PIN, is:
> 
> scdaemon[11914]: chan_7 -> INQUIRE NEEDPIN |A|Please enter the Admin PIN
> scdaemon[11914]: chan_7 <- [ 44 20 31 32 33 34 35 36 37 38 00 00 00 00
> 00 00 ...(76 byte(s) skipped) ]
> scdaemon[11914]: chan_7 <- END
> 2011-08-25 21:49:08 scdaemon[11914] DBG: send apdu: c=00 i=20 p1=00
> p2=83 lc=8 le=-1 em=0
> 2011-08-25 21:49:08 scdaemon[11914] DBG:  raw apdu: 00 20 00 83 08 31
> 32 33 34 35 36 37 38
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver: PC_to_RDR_XfrBlock:
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   dwLength ..........: 13
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSlot .............: 0
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSeq ..............: 204
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bBWI
> ..............: 0x04
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:
> wLevelParameter ...: 0x0000
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0010]  00 20
> 00 83 08 31
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0016]  32 33
> 34 35 36 37 38
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver: RDR_to_PC_DataBlock:
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   dwLength ..........: 2
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSlot .............: 0
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSeq ..............: 204
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bStatus ...........: 0
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0010]  69 85
> 2011-08-25 21:49:08 scdaemon[11914] DBG:  response: sw=6985  datalen=0
> 2011-08-25 21:49:08 scdaemon[11914] verify CHV3 failed: Conditions of
> use not satisfied
> scdaemon[11914]: chan_7 -> ERR 100663427 Conditions of use not satisfied <SCD>
> 
> The only discussions I could find of people seeing this error in this
> situation were where people had deny-admin set, which I don't.
> 
> The reader is a Vasco DP855 which I received new a few days ago. I
> have no other reader. I have tried the reset-to-factory-defaults file,
> which did not change my results.
> 
> Does anyone have any idea what might cause this response? I looked at
> the OpenPGP v2 spec and it just mentioned it as a possible error, not
> causes.
> 
> Thanks,