Aw: Re: Re: SmartCard v2.1 : factory reset fails

Fib Moro fibmoro at
Thu Feb 16 12:33:58 CET 2017

Dear Yutaka,

> Let us show more info about your key.  I'm afraid your key size
> is not the one OpenPGP card supports.  I tested RSA-2048 with
> OpenPGP card version 2.1, it works fine for me.
> -- 

1. Moving keys to card

Using the correct default Admin PIN value of *12345678* I could now
successfully move private keys to card, which also set the PIN retry counter

gpg/card> verify 
Key attributes ...: rsa4096 rsa4096 rsa4096
PIN retry counter : 3 3 3

Sofar so good.

2. Changing Admin PIN

However, one quite awkward behavior I noticed that I think caused a whole lot
confusion on my side. 

On a card after fresh factory-reset, the first thing I did was trying to set
Admin PIN:

gpg/card> admin
Admin commands are allowed

gpg/card> passwd
gpg: OpenPGP card no. DXXX detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 3

It then asks me to "Please enter the Admin PIN".
Now, in the believe that *123456789* was the correct default Admin PIN value,
I would enter this *wrong* value.
I am then prompted to enter "New Admin PIN" value and confirm that. 
Let's say I use the value *smartcardrocks*.
My change is then confirmed with;

PIN changed.

I would now be in the believe that *smartcardrocks* is the new correct Admin
However, any subsequent command that would require the Admin PIN would fail
(e.g. moving keys to card, setting reset code, changing admin pin).

For example, when I try to set a new reset code I am asked to enter the Admin
I enter *smartcardrocks* I get "Error setting the Reset Code: Bad PIN".
I enter *12345678* I also get "Error setting the Reset Code: Bad PIN".

I seems the Admin PIN is then broken and set to an "unknown" value.

Can you replicate the above described behavior?

Thank you kindly.


More information about the Gnupg-users mailing list