Scripted reset of PINs on smartcards.
Dirk-Willem van Gulik
dirkx at webweaving.org
Sun Jul 30 19:29:29 CEST 2017
Am I right in understanding that, unless one wants to get into chat-expect and a fair bit of state logic behind a 'fake' pinentry, one cannot easily edit the PINs on a (fresh) smartcard by piping in a command sequence?
And in order to do so, does one really have to talk to the scdaemon directly? Or is there a way to pass the (binary) PINs through a normal gpg-connect-agent channel (with the SCD prefix)?
Dw.
#!/bin/sh
# Factory default
OLDMASTER=12345678
NEWMASTER=${MASTER:-87654321}
NEWPIN=${PIN:-654321}
NEWRESET=${RESET:-010101}
# Reset the OpenPGP applet on the card.
#
cat <<EOM | gpg-connect-agent
/hex
scd serialno
……..snipped …..
scd apdu 00 44 00 00
EOM
# Emit one data line: "D <pin>", NUL-padded to 90 bytes, then a newline.
# printf replaces the non-portable `echo -n`; "( (" cannot be misread as "((".
pin_data() {
( ( printf 'D %s' "$1"; dd bs=1 count=90 if=/dev/zero status=none ) | dd bs=1 count=90 status=none; echo ) | dd status=none
}
# Set the PINs to non-factory defaults.
#
(
echo PASSWD 3
pin_data "$OLDMASTER"
echo END
pin_data "$NEWMASTER"
echo END
echo PASSWD --reset 1
pin_data "$NEWMASTER"
echo END
pin_data "$NEWPIN"
echo END
echo PASSWD --reset 2
pin_data "$NEWMASTER"
echo END
pin_data "$NEWRESET"
echo END
……..snipped …..
echo BYE
) | nc -U $XXXX/S.scdaemon
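
The exchange the script above drives, as an added example that is not part of the original post: a small Python client that waits for each `INQUIRE NEEDPIN` from scdaemon before sending the PIN as a percent-escaped `D` line, instead of writing every line blind. The helper names, the `<prompt>` text in the constructed transcript, and sending the PIN without the script's NUL padding are assumptions.

```python
import socket

def assuan_escape(data: bytes) -> bytes:
    """Percent-escape %, CR and LF, which may not appear raw in a D line."""
    return b"".join(b"%%%02X" % c if c in b"%\r\n" else bytes([c]) for c in data)

def passwd(send, recv, command: bytes, pins) -> None:
    """Send one PASSWD command and answer each NEEDPIN inquiry in order."""
    pins = iter(pins)
    send(command)
    while True:
        line = recv()
        if line.startswith(b"INQUIRE NEEDPIN"):
            pin = next(pins, None)
            if pin is None:              # more prompts than PINs supplied
                send(b"CAN")
                raise RuntimeError("unexpected extra PIN prompt")
            send(b"D " + assuan_escape(pin))
            send(b"END")
        elif line.startswith(b"INQUIRE"):
            send(b"CAN")                 # decline inquiries we cannot answer
            raise RuntimeError("unhandled inquiry: %r" % line)
        elif line == b"OK" or line.startswith(b"OK "):
            return
        elif line.startswith(b"ERR"):
            raise RuntimeError(line.decode("ascii", "replace"))
        # S status lines and '#' comments are informational: keep reading

def unix_lines(path: str):
    """Return (send, recv) line helpers for a Unix socket such as S.scdaemon."""
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.connect(path)
    rfile = sock.makefile("rb")
    def recv():
        line = rfile.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        return line.rstrip(b"\r\n")
    while not recv().startswith(b"OK"):  # consume the server greeting
        pass
    return (lambda line: sock.sendall(line + b"\n")), recv

def replay(server_lines, command, pins):
    """Run passwd() against a constructed transcript; return the lines sent."""
    server, sent = iter(server_lines), []
    passwd(sent.append, lambda: next(server), command, pins)
    return sent

SAMPLE = [b"INQUIRE NEEDPIN <prompt>"] * 2 + [b"OK"]  # constructed transcript
```

Against a real card, `send, recv = unix_lines(path)` supplies the transport, where `path` is the S.scdaemon socket the script pipes to.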