Resetting an OpenPGP smart card "bricks" it

Chris Boot bootc at bootc.net
Tue Mar 11 18:20:59 CET 2014


On 11/03/14 16:10, Werner Koch wrote:
> On Tue, 11 Mar 2014 11:44, bootc at bootc.net said:
> 
>> reverse the last two APDUs (e6 then 44 rather than 44 then e6). I
>> believe that E6 is 'TERMINATE DF' and 44 is 'ACTIVATE FILE', so the 2009
>> instructions are probably correct while the 2013 ones are not.
> 
> IIRC, early v2 cards have a bug which partly reverses terminate and
> activate.  Thus there should actually be 4 versions of the instructions.
> Unfortunately I have never worked out the details.  My way of resetting
> the card is using the commands several times while in between removing
> the card from the reader.

Hi Werner,

Hmm. I did my two cards by:

1. Plugging in reader with embedded card (I'm using Gemalto IDBridge K30
and K50 readers).
2. gpg2 --card-status
3. gpg-connect-agent, then run commands as per your email
4. Unplug reader with card.
5. Plug in again and find that gpg2 --card-status fails.

If it's any use, the two cards in question have serial numbers:
- 000500001BDE
- 0005000020D5

>> run on them, please? I can't even get gpg-connect-agent to talk to the
>> cards now ("gpg: OpenPGP card not available: Not supported"), nor even
>> tools like opensc-explorer.
> 
> There is a little trick here:
> 
>   > scd reset
>   OK
>   > scd serialno undefined
>   S SERIALNO FF7F00 0
> 
> The SERIALNO command takes an option argument to select the
> application.  You may use 'undefined' followed by standard APDU
> commands:
> 
>   @subsection The Undefined card application ``undefined''
>   
>   This is a stub application to allow the use of the APDU command even
>   if no supported application is found on the card.  This application is
>   not used automatically but must be explicitly requested using the
>   SERIALNO command.

Hi Werner,

Unfortunately, neither "bricked" card appears to want to respond to the
serialno command:

$ gpg-connect-agent
> /hex
> reset
OK
> scd serialno undefined
ERR 100663356 Not supported <SCD>
> scd apdu 00 e6 00 00
ERR 100663351 Invalid value <SCD>
> scd apdu 00 44 00 00
ERR 100663351 Invalid value <SCD>
>

This is running GnuPG 2.0.22.

Cheers,
Chris

-- 
Chris Boot
bootc at bootc.net
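
Added example, not part of the original message or of GnuPG: a small decoder for the numeric `ERR` values in the gpg-connect-agent session above. It splits each value into its libgpg-error source and code and names the instruction byte of the APDU that triggered it. The lookup tables are a deliberately small subset covering only this transcript, and the function names are hypothetical.

```python
import re

# libgpg-error packs a gpg_error_t as (source << 24) | code.
SOURCE_SHIFT, SOURCE_MASK, CODE_MASK = 24, 0x7F, 0xFFFF

# Subset of libgpg-error's tables, enough for this transcript.
SOURCES = {4: "GPG_ERR_SOURCE_GPGAGENT", 6: "GPG_ERR_SOURCE_SCD"}
CODES = {55: "GPG_ERR_INV_VALUE", 60: "GPG_ERR_NOT_SUPPORTED"}
# Instruction bytes as named in the message above.
INS = {0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE"}

# Session lines copied from the message above.
TRANSCRIPT = """\
> scd serialno undefined
ERR 100663356 Not supported <SCD>
> scd apdu 00 e6 00 00
ERR 100663351 Invalid value <SCD>
> scd apdu 00 44 00 00
ERR 100663351 Invalid value <SCD>
"""

def decode_err(value):
    """Split an Assuan ERR number into (source name, code name)."""
    source = (value >> SOURCE_SHIFT) & SOURCE_MASK
    code = value & CODE_MASK
    return (SOURCES.get(source, f"source {source}"),
            CODES.get(code, f"code {code}"))

def decode_apdu(hex_words):
    """Parse the CLA INS P1 P2 header of a command APDU given as hex words."""
    raw = bytes.fromhex("".join(hex_words))
    if len(raw) < 4:
        raise ValueError("APDU header needs CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    return {"cla": cla, "ins": INS.get(ins, f"INS {ins:02X}"),
            "p1": p1, "p2": p2, "body": raw[4:]}

def annotate(transcript):
    """Pair each ERR reply with the command that caused it."""
    rows, command = [], None
    for line in transcript.splitlines():
        if line.startswith("> "):
            command = line[2:].strip()
        elif m := re.match(r"ERR (\d+) ", line):
            source, code = decode_err(int(m.group(1)))
            words = command.split() if command else []
            is_apdu = words[:2] == ["scd", "apdu"]
            ins = decode_apdu(words[2:])["ins"] if is_apdu else None
            rows.append((command, ins, source, code))
    return rows

if __name__ == "__main__":
    for row in annotate(TRANSCRIPT):
        print(row)
```

Both values carry source 6 (scdaemon), which matches the `<SCD>` suffix in the replies.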


