Delete key from OpenPGP card?

Achim Pietig achim at
Mon Mar 4 10:12:11 CET 2013


several data objects have a fixed lenght, in the specification DO 'C9' is defined with 20 bytes.
The card checks the correct length for PUT DATA.
Variable lenght DOs are defined with length from 0 to max or min to max.

Virgin cards have a content of 20 bytes with '00' in fingerprint and other fixed lenght DOs.

To delete a fingerprint you have to write 20 zeros to the DO: 00 DA 00 C9 14 000000 ...


Am 04.03.2013 08:48, schrieb Nguyễn Hồng Quân:
> Hello,
> I'm implementing "delete key" in OpenSC for OpenPGP card.
> To delete authentication key, for example, I think I have to empty these
> DOs:
> - 00C9, containing fingerprint for the key
> - 00D0, containing creation time for the key
> and rewrite the Extended header list with 00DB command.
> However, I failed to empty 00C9. I tried these APDU:
> 1. 00 DA 00 C9
> Return error 6700 (Wrong length)
> 2. 00 DA 00 C9 00
> Return error 6400 (Execution error)
> The 1st form, I tried with normal DO, like 005B, and succeeded.
> The 2nd form, I referenced
> (This script is for Gnuk card and success with Gnuk).
> Why none of these APDU work with OpenPGP card? What is the correct APDU
> for OpenPGP?

More information about the Gnupg-devel mailing list