Oh Dear, Pin Entry Broken on openPGP card!

Werner Koch wk at gnupg.org
Mon Jun 23 16:56:39 CEST 2008


On Mon, 23 Jun 2008 12:36, eddrobinson at gmail.com said:

> [When pinentry pops up it says: "Please enter the PIN (`PIN') to
> unlock the card".  I then enter my pin, the box closes and the
> terminal repsonds with:]

I was wrong.  Your first try with "unblock PIN" was correct.  The
unblocking requires the Admin-PIN which makes perfect sense because the
PIN as already been blocked. 

There might be a problem in the code.  I have no time today to check
this, so I need to ask you to help with debugging:

 - Put "debug 2048" into ~/.gnupg/scdaemon.conf
 - Put "logfile /foo/bar/scdaemon.log"" into ~/.gnupg/scdaemon.conf
 - Kill scdaemon ("pkill scdaemon" two time and check that it has gone).
 - Try again to unblock the PIN
 - Sanitize the log file:  Look for
     : connection to PIN entry established
     : send apdu: c=00 i=20 p0=00 p1=82 lc=6 le=-1
     :   APDU_data: 00 20 00 82 06 31 32 33 34 35 36
                                   ^^^^^^^^^^^^^^^^^
     :  response: sw=9000  datalen=0
     :      dump:  
   The marked bytes makes up your passphrase.  In this case "123456",
   the byte just before is the length of the psssphrase.  Remove theat
   from the log file.  The example above is for the regualr PIN, you
   will be asked for the adming pin, which should look more like:
     : send apdu: c=00 i=20 p0=00 p1=83 lc=8 le=-1
     :   APDU_data: 00 20 00 83 08 31 32 33 34 35 36 37 38
 - Send me the log file (wk at gnupg.org).  I need a couple of lines more
   than shown above.  In particular the lines with i=24 and i=2c.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-users mailing list