OpenPGP card: how to lock the card again so that PIN is required

Dirk Gottschalk dirk.gottschalk1980 at googlemail.com
Tue Jan 1 18:40:56 CET 2019


Hello Matthias.

On Tuesday, 01.01.2019, at 08:36 +0100, Matthias Apitz wrote:
> Hello,

> This is with gnupg-2.2.12 and pcsc-lite-1.8.23. After an update of
> the System (FreeBSD CURRENT) the /usr/local/sbin/pcscd does not work
> anymore with the OpenPGP card (HID Global OMNIKEY 6121 Smart Card
> Reader) after withdraw and re-insert. It works fine after boot, I
> have to enter the PIN to unlock the card and all tested functions are
> working.

Did you check the config for pcscd? Probably it was overwritten by the
update process.


> I have to investigate this further or change the 'scdaemon' to let it
> directly access the OpenPGP bypassing the 'pcscd' (comments on this
> are welcome).

You can use the internal ccid-reader of scdaemon. This should work with
the OmniKey readers, AFAIK. You have to disable PC/SC, otherwise this
won't work.


> How can I meanwhile 'reset' the OpenPGP card so that on next request
> for the secrets (decrypt, signing, ssh) the PIN is requested?

For the signature PIN just enable the forcepin option as admin with
--card-edit. Then for the other functions you need to power cycle the
card, easiest done by removal and re-insertion.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
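
An added example, not part of the original mail: a check that the forced signature PIN setting discussed above is actually active on the card, by parsing the `Signature PIN` line of `gpg --card-status` (in GnuPG the admin command in `--card-edit` that toggles this flag is `forcesig`). The function names and the sample status excerpts are constructed for illustration, and the English (`LC_ALL=C`) output layout is assumed.

```shell
#!/bin/sh
# Added example. Assumes the English (LC_ALL=C) layout of `gpg --card-status`.

# Read card-status text on stdin.
# Returns 0 = signature PIN forced, 1 = not forced, 2 = field missing or unparseable.
sig_pin_forced() {
    state=$(tr -d '\r' \
        | sed -n 's/^Signature PIN[ .]*:[[:space:]]*//p' \
        | sed 's/[[:space:]]*$//' \
        | head -n 1)
    case "$state" in
        forced)       return 0 ;;
        "not forced") return 1 ;;
        *)            return 2 ;;
    esac
}

# Constructed card-status excerpts (not captured from a real card).
SAMPLE_UNFORCED='Reader ...........: constructed reader name
Signature PIN ....: not forced
PIN retry counter : 3 0 3'
SAMPLE_FORCED='Reader ...........: constructed reader name
Signature PIN ....: forced
PIN retry counter : 3 0 3'

# Print a human-readable verdict for the status text passed as $1.
describe() {
    rc=0
    printf '%s\n' "$1" | sig_pin_forced || rc=$?
    case "$rc" in
        0) echo "PIN required for every signature" ;;
        1) echo "one PIN entry covers further signatures" ;;
        *) echo "no Signature PIN field found" ;;
    esac
}

describe "$SAMPLE_UNFORCED"
describe "$SAMPLE_FORCED"
# On a real system: LC_ALL=C gpg --card-status | sig_pin_forced
```

This covers only the signature PIN; as the mail says, the other functions stay unlocked until the card is power cycled.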
