Dear GnuPG-Users List. I'm having trouble with resetting my smartcard version 2.1.
After posting a bug report for GnuPG Werner Koch asked me to re-post my question on this mailing list [0]. To answer his quick hint: factory-reset did unfortunately not work as I already mentioned in my original request. Please read more for further details below. Thank you kindly for your support! ======================================== I have accidentally blocked my smartcard version 2.1 after entering AdminPIN 3 times with wrong value. According to the link on my card provider's homepage I tried to follow the instructions by Werner to reset the card [1]. I then get the state (gpg --card-edit; verify): =================== Reader ...........: Gemalto USB Shell Token V2 (78111413) 00 00 Application ID ...: D2760001240102010005000046840000 Version ..........: 2.1 Manufacturer .....: ZeitControl Serial number ....: 0000XXXX Name of cardholder: [not set] Language prefs ...: de Sex ..............: unspecified URL of public key : [not set] Login data .......: [not set] Signature PIN ....: forced Key attributes ...: rsa2048 rsa2048 rsa2048 Max. PIN lengths .: 32 32 32 PIN retry counter : 3 0 3 Signature counter : 0 Signature key ....: [none] Encryption key....: [none] Authentication key: [none] General key info..: [none] =================== I can then successfully change the PIN as well as AdminPIN. However, when I try to write a key to the card (gpg --edit-key xxx; keytocard) I get a message "Error setting the Reset Code: Bad PIN". The same issue occurs when try set a Reset Code on the card (gpg --card-edit; admin; passwd => set the Reset Code). In both cases I am very certain that I'm entering the correct PIN/AdminPIN as I have also tried to execute the reset process setting different PINs or even leaving the default PIN values multiple times. Trying to factory reset from "gpg --card-edit" menu didn't help either. Is my card bricked? Am I doing something wrong? One thing I noticed is the second 0 in the "PIN retry counter" value after reset. From [2]: "This field saves how many tries still are left to enter the right PIN. They are decremented whenever a wrong PIN is entered. They are reset whenever a correct AdminPIN is entered. The first and second PIN are for the standard PIN. gpg makes sure that the two numbers are synchronized. The second PIN is only required due to peculiarities of the ISO-7816 standard; gpg tries to keep this PIN in sync with the first PIN. The third PIN represents the retry counter for the AdminPIN." My current setup is: ==================== gpg 2.1.15 ccid 1.4.24 pcsc-lite 1.8.20 (with udev) ==================== Thank you kindly for your help and feedback. fibmoro ____________________________________________________________________________ [0] https://bugs.gnupg.org/gnupg/issue2952 [1] https://lists.gnupg.org/pipermail/gnupg-users/2009-September/037414.html [2] https://www.gnupg.org/howtos/card-howto/en/ch03.html#id2521300 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
