Johannes Zarl-Zierl johannes at zarl-zierl.at
Thu Mar 22 22:37:22 CET 2018


I've just spent half an hour scratching my head over an issue that should have 
been simple:

I initialized a new OpenPGP card (v2.1 from Zeitcontrol) and changed the 
(user) pin.

After this, I used the verify command to check whether the pin was working: I 
put my pin into the pinentry dialog, and verified that the retry count 
afterwards was still "3 0 3".
Still, when I was prompted for the pin afterwards I got the error "wrong pin".
Strangely enough, the retry counter did not decrease when entering the pin. 
Entering a different random pin resulted in the retry counter decreasing as it 

[Fast-forward through lots of head-scratching, mild swearing and asking myself 
whether the card was broken.]

In the end the simple truth was that my pin code only had 5 digits, but the 
minimum length is higher. Yes, I know that I *should* know the minimum
pin-code length for my card, and that I *should* use longer pins anyways.

Is it possible to issue some kind of diagnostic for this? I.e. either a 
warning/error message when changing the pin, or at least the "verify" command 
issuing a warning on an incorrect pin?

Btw. my gpg version is 2.2.5.


