Unblocking the user PIN does not work with a new PIN
Robin Krahl
robin.krahl at ireas.org
Fri Dec 28 10:58:29 CET 2018
Hi,
according to the documentation [0], the unblock PIN command for a
OpenPGP smart card allows the user to choose a new user PIN. But on my
smart card, the command fails with the error message “Error unblocking
the PIN: Conditions of use not satisfied” if I choose a new PIN. It
succeeds if I enter the current user PIN. Is this a bug in GnuPG, or is
my smart card not working properly? Or am I missing something?
I’m using a Nitrokey Storage with a ZeitControl OpenPGP v3.3 smart card.
I attached the transcript of a shell session showing the problem. For
the first unblock command, I chose a new user PIN. For the second, I
entered the current user PIN.
/Robin
[0] https://www.gnupg.org/howtos/card-howto/en/ch03s02.html
-------------- next part --------------
$ gpg --card-status
Reader ...........: 20A0:4109:0000000000000:0
Application ID ...: D27600012401030300050000636F0000
Version ..........: 3.3
Manufacturer .....: ZeitControl
Serial number ....: 0000636F
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa2048 rsa2048
Max. PIN lengths .: 64 64 64
PIN retry counter : 0 0 3
Signature counter : 0
KDF setting ......: on
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
$ gpg --change-pin
gpg: OpenPGP card no. D27600012401030300050000636F0000 detected
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? 2
Error unblocking the PIN: Conditions of use not satisfied
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? 2
PIN unblocked and new PIN set.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181228/d1d959c0/attachment.sig>
More information about the Gnupg-users
mailing list