On 07/02/15 21:45, Rainer Keller wrote: > Unfortunatly this seemed to brick the card. > "gpg: OpenPGP card not available: Not supported" > Gnupg does not detect the card anymore.
Fortunately, your card is not bricked. But GnuPG can't access it anymore. If you have a recent enough version of GnuPG, there is a new command that helps in getting low-level access to the card even though opening the OpenPGP application on the card no longer works: scd serialno undefined. This gpg-connect-agent script ought to get your card back on its feet: /hex scd serialno undefined scd apdu 00 a4 04 00 06 d2 76 00 01 24 01 scd apdu 00 44 00 00 scd apdu 00 e6 00 00 If it doesn't, you could try swapping the order of the last two lines. There's a bug in the OpenPGP card related to those two commands, but it was fixed in a minor revision to the card, so it depends on your specific card. It's not clear to me how this works out for the exact commands to send. For me it looked like this (with an intentionally "bricked" test card): $ gpg-connect-agent > /hex > scd serialno undefined S SERIALNO FF7F00 0 OK > scd apdu 00 a4 04 00 06 d2 76 00 01 24 01 D[0000] 62 85 b. OK > scd apdu 00 44 00 00 D[0000] 90 00 .. OK > scd apdu 00 e6 00 00 D[0000] 69 85 i. OK If you don't get a 90 00 back with the second to last command, that would probably be an indicator you need to swap the two. In any case, I'm interested in what it outputs for you, as it helps me learn about the OpenPGP card. The two bytes returned for every command sent are a status code, and they give information on what the card thought of the command. HTH, Peter. PS: For people who are interested in what it all *means*: the large-ish APDU I send first is the command to select the OpenPGP application on the card; it's exactly the same as GnuPG normally does. However, the card returns an error 62 85 "Selected file in termination state", and GnuPG is not so happy about that, so it won't go on after that. We, however, know this is as expected and simply continue with the following commands. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
