OpenPGP card reset procedure

Niels Laukens niels at dest-unreach.be
Wed Feb 27 14:00:35 CET 2013


Hi,

I'm not sure if this is the right list for this question, but since
Werner is on this list and given his reputation, I'd give it a shot.

I'm trying to understand how the card-reset procedure works on OpenPGP
2.0 cards. No particular need, just because I'm curious.

From what I understand, the procedure first locks the User PIN by
sending 4 VERIFY-commands with the same (wrong) PIN code.
It next locks the Admin PIN using a similar procedure.

But then:
> scd apdu 00 e6 00 00
D[0000]  90 00                                              ..
OK
> scd apdu 00 44 00 00
D[0000]  90 00                                              ..
OK

According to my understanding, this will ACTIVATE FILE, and next
TERMINATE DF.

While the spec seems to indicate the reverse should be done:
TERMINATE DF:
> The command puts the application into the termination state.
> After termination only SELECT FILE and ACTIVATE FILE are available


Either way, the procedure (with first ACTIVATE and next TERMINATE) seems
to work, I just don't understand how...

Thx,
Niels
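
An added example (not part of the original post, and not GnuPG code): it decodes the INS byte of each `scd apdu` command in the quoted transcript using the ISO/IEC 7816-4 instruction codes, then replays the sequence against the termination rule in the quoted spec text. The function names and the simplified life cycle model (operational, terminated, reset) are assumptions made for illustration.

```python
import re

# ISO/IEC 7816-4 instruction codes; only those this procedure touches.
INS_NAMES = {0x20: "VERIFY", 0x44: "ACTIVATE FILE", 0xA4: "SELECT", 0xE6: "TERMINATE DF"}

# The two exchanges quoted in the post, in gpg-connect-agent format.
TRANSCRIPT = """\
> scd apdu 00 e6 00 00
D[0000]  90 00                                              ..
OK
> scd apdu 00 44 00 00
D[0000]  90 00                                              ..
OK
"""

def parse_transcript(text):
    """Return (instruction name, status word) per command; single-line replies only."""
    exchanges, pending = [], None
    for line in text.splitlines():
        cmd = re.match(r">\s*scd apdu\s+((?:[0-9a-fA-F]{2}\s*)+)$", line)
        rsp = re.match(r"D\[[0-9a-fA-F]{4}\]\s+((?:[0-9a-fA-F]{2} ?)+)", line)
        if cmd:
            header = bytes.fromhex(cmd.group(1))
            if len(header) < 4:
                raise ValueError("command APDU needs CLA INS P1 P2")
            pending = INS_NAMES.get(header[1], "INS %02X" % header[1])
        elif rsp and pending is not None:
            data = bytes.fromhex(rsp.group(1))
            exchanges.append((pending, int.from_bytes(data[-2:], "big")))
            pending = None
    return exchanges

def replay(exchanges, state="operational"):
    """Apply each accepted command to the simplified life cycle model."""
    for name, sw in exchanges:
        if sw != 0x9000:
            continue  # a refused command leaves the life cycle state unchanged
        if state == "terminated" and name not in ("SELECT", "ACTIVATE FILE"):
            raise ValueError(name + " is not available after termination")
        if name == "TERMINATE DF":
            state = "terminated"
        elif name == "ACTIVATE FILE" and state == "terminated":
            state = "reset"  # assumption: reactivation is the step that resets the card
    return state

if __name__ == "__main__":
    steps = parse_transcript(TRANSCRIPT)
    for name, sw in steps:
        print("%-14s SW=%04X" % (name, sw))
    print("final state:", replay(steps))
```
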


