Aw: Re: Re: SmartCard v2.1 : factory reset fails

Fib Moro fibmoro at gmx.de
Thu Feb 16 12:33:58 CET 2017


Dear Yutaka,

> 
> Let us show more info about your key.  I'm afraid your key size
> is not the one OpenPGP card supports.  I tested RSA-2048 with
> OpenPGP card version 2.1, it works fine for me.
> -- 
> 

==================
1. Moving keys to card
==================

Using the correct default Admin PIN value of *12345678* I could now
successfully move private keys to card, which also set the PIN retry counter
correctly:

>>>>>>>>>>>>>
gpg/card> verify 
...
Key attributes ...: rsa4096 rsa4096 rsa4096
...
PIN retry counter : 3 3 3
...
<<<<<<<<<<<<<

So far so good.

===================
2. Changing Admin PIN
===================

However, I noticed one quite awkward behavior that I think caused a whole lot
of confusion on my side.

On a card after a fresh factory reset, the first thing I did was try to set
the Admin PIN:

>>>>>>>>>>>>>
gpg/card> admin
Admin commands are allowed

gpg/card> passwd
gpg: OpenPGP card no. DXXX detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 3
<<<<<<<<<<<<<

It then asks me to "Please enter the Admin PIN".
Now, in the belief that *123456789* was the correct default Admin PIN value,
I would enter this *wrong* value.
I am then prompted to enter "New Admin PIN" value and confirm that. 
Let's say I use the value *smartcardrocks*.
My change is then confirmed with:

>>>>>>>>>>>>>
PIN changed.
<<<<<<<<<<<<<

I would now be in the belief that *smartcardrocks* is the new correct Admin
PIN.
However, any subsequent command that would require the Admin PIN would fail
(e.g. moving keys to card, setting reset code, changing admin pin).

For example, when I try to set a new reset code I am asked to enter the Admin
PIN. 
I enter *smartcardrocks*, I get "Error setting the Reset Code: Bad PIN".
I enter *12345678*, I also get "Error setting the Reset Code: Bad PIN".

It seems the Admin PIN is then broken and set to an "unknown" value.

Can you replicate the above described behavior?

Thank you kindly.

fibmoro


