How to reset the PIN counter
Peter Lebbing
peter at digitalbrains.com
Sun Feb 8 10:40:56 CET 2015

On 07/02/15 21:45, Rainer Keller wrote:
> Unfortunately this seemed to brick the card.
> "gpg: OpenPGP card not available: Not supported"
> Gnupg does not detect the card anymore.

Fortunately, your card is not bricked. But GnuPG can't access it anymore. If you
have a recent enough version of GnuPG, there is a new command that helps in
getting low-level access to the card even though opening the OpenPGP application
on the card no longer works: scd serialno undefined.

This gpg-connect-agent script ought to get your card back on its feet:

/hex
scd serialno undefined
scd apdu 00 a4 04 00 06 d2 76 00 01 24 01
scd apdu 00 44 00 00
scd apdu 00 e6 00 00

If it doesn't, you could try swapping the order of the last two lines. There's a
bug in the OpenPGP card related to those two commands, but it was fixed in a
minor revision to the card, so it depends on your specific card. It's not clear
to me how this works out for the exact commands to send.

For me it looked like this (with an intentionally "bricked" test card):

$ gpg-connect-agent
> /hex
> scd serialno undefined
S SERIALNO FF7F00 0
OK
> scd apdu 00 a4 04 00 06 d2 76 00 01 24 01
D[0000] 62 85 b.
OK
> scd apdu 00 44 00 00
D[0000] 90 00 ..
OK
> scd apdu 00 e6 00 00
D[0000] 69 85 i.
OK

If you don't get a 90 00 back with the second to last command, that would
probably be an indicator you need to swap the two. In any case, I'm interested
in what it outputs for you, as it helps me learn about the OpenPGP card. The two
bytes returned for every command sent are a status code, and they give
information on what the card thought of the command.

HTH,

Peter.

PS: For people who are interested in what it all *means*: the large-ish APDU I
send first is the command to select the OpenPGP application on the card; it's
exactly the same as GnuPG normally does. However, the card returns an error
62 85 "Selected file in termination state", and GnuPG is not so happy about
that, so it won't go on after that. We, however, know this is as expected and
simply continue with the following commands.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
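
Added example, not part of Peter's message: a small Python decoder that pairs each `scd apdu` command in the session above with the two-byte status word of its reply and applies the message's "no 90 00 on the second-to-last command means swap" rule. The instruction names and the meaning of 69 85 are taken from ISO/IEC 7816-4, not from the message; the function names are made up for this example.

```python
import re

# Instruction bytes and status words per ISO/IEC 7816-4; only those
# occurring in the session above are listed.
INS = {0xA4: "SELECT", 0x44: "ACTIVATE FILE", 0xE6: "TERMINATE DF"}
SW = {
    0x9000: "success",
    0x6285: "warning: selected file in termination state",
    0x6985: "error: conditions of use not satisfied",
}

# Session lines copied from the message above.
SESSION = """\
> scd apdu 00 a4 04 00 06 d2 76 00 01 24 01
D[0000] 62 85 b.
OK
> scd apdu 00 44 00 00
D[0000] 90 00 ..
OK
> scd apdu 00 e6 00 00
D[0000] 69 85 i.
OK
"""

def decode(session):
    """Pair each 'scd apdu' command with the status word of its reply."""
    out, cmd = [], None
    for line in session.splitlines():
        m = re.match(r">?\s*scd apdu ((?:[0-9a-fA-F]{2}\s*)+)$", line)
        if m:
            cmd = bytes.fromhex(m.group(1))  # CLA INS P1 P2 [Lc data]
            continue
        m = re.match(r"D\[[0-9a-fA-F]{4}\]((?: [0-9a-fA-F]{2})+)", line)
        if m and cmd is not None:
            sw = int.from_bytes(bytes.fromhex(m.group(1))[-2:], "big")  # SW1 SW2
            out.append((INS.get(cmd[1], f"INS {cmd[1]:02x}"), sw, SW.get(sw, "not in table")))
            cmd = None
    return out

def should_swap(results):
    """The message's rule: no 90 00 on the second-to-last command -> swap."""
    return len(results) >= 2 and results[-2][1] != 0x9000

if __name__ == "__main__":
    for name, sw, meaning in decode(SESSION):
        print(f"{name:14} {sw:04x}  {meaning}")
    print("swap last two commands:", should_swap(decode(SESSION)))
```

The decoder reads only the first `D[...]` line after each command, which is enough for the status-only replies shown here.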