Aw: Re: Re: Re: SmartCard v2.1 : factory reset fails

Fib Moro fibmoro at gmx.de
Fri Feb 17 11:35:00 CET 2017


Dear Yutaka,

> 
> Thanks a lot for your report in detail, in the style which I can replicate.
> 
> I'm afraid you are facing the same issue that I encountered in 2011.
> 
> CHANGE REFERENCE DATA (OpenPGP card specification 2.0):
> https://www.gniibe.org/log/bugreport/gnupg/openpgp-card-spec-2.0-chenge-reference-data.html
> 
> IIUC, this protocol is due to smartcard practice and standard.  I had
> asked Achim (the author of OpenPGPcard specification) if this could be
> changed.  No positive answer, but I think that the problem is clear
> enough.
> 

Then I'm very much relieved that my issue was confirmed. :-)

To reflect a little further, locking the smartcard (AdminPIN) is probably a rather rare event; it was actually a first-time experience for me.
However, considering the importance of a functioning and secure key, the process of restoring the key caused quite some trouble for me:

The first blocking point I encountered was that when reimporting the private key (subkeys) into my keyring they would be unusable as they would still refer to the keys on the blocked smartcard. To remove these "stubs" I had to manually delete the corresponding keygrip files in ".gnupg/private-keys-v1.d". Only then would an import of the private keys work correctly.

The next challenge was to find out if and how I could actually reset my version of smartcard. Fortunately I could find the instructions by Werner Koch in a mailing list post from 2009. It was probably in this situation of stress that I entered the wrong Admin PIN of *123456789* which left me entirely confused and frustrated.

Maybe I should write a little post of "How to reset your smartcard (version > 2.1) and things that could go wrong" so the next candidates can benefit from the learning?

In any case, I would like to thank you and all the people who patiently helped me along the way to resolve this issue.

Last but not least I'd like to thank all the GnuPG developers for creating and maintaining this technology. Often I hear or read from people that GnuPG was too "hard" and "out of date". I still consider it one of the most important tools for secure communication in our digital age. So thank you very much again for your efforts!

Sincerely,

fibmoro


