Conditions for changing admin PIN not clarified (GNUK)

Alexander Paetzelt | Nitrokey alex at
Thu Dec 14 14:36:38 CET 2017

Hello everyone,

We realized (because of a user's question) that there are
conditions in which GnuPG does not question a too-short PIN for admin.
This seems to be specific to Gnuk devices, as I could not reproduce it on
OpenPGP Card 2.1.

This is what happened:

* factory-reset of device (NK Start with Gnuk 1.2.6, maybe other
versions are affected as well)
* 'gpg --card-edit' -> admin -> passwd -> 3 -> '12345678' to 'newpin'
* "PIN changed." message stated that everything is fine, although admin
needs 8 characters
* neither '12345678' nor 'newpin' is accepted afterwards

This is on GnuPG 2.2.3 on Arch Linux (which should not matter).

What shall I do, file a bug? Is this a bug in GnuPG or Gnuk? This seems
to be related to the admin-less mode, although changing the admin PIN first
shouldn't trigger this, should it?

Kind regards

