Hi, according to the documentation [0], the unblock PIN command for an OpenPGP smart card allows the user to choose a new user PIN. But on my smart card, the command fails with the error message “Error unblocking the PIN: Conditions of use not satisfied” if I choose a new PIN. It succeeds if I enter the current user PIN. Is this a bug in GnuPG, or is my smart card not working properly? Or am I missing something?
I’m using a Nitrokey Storage with a ZeitControl OpenPGP v3.3 smart card. I attached the transcript of a shell session showing the problem. For the first unblock command, I chose a new user PIN. For the second, I entered the current user PIN.

/Robin

[0] https://www.gnupg.org/howtos/card-howto/en/ch03s02.html
$ gpg --card-status
Reader ...........: 20A0:4109:0000000000000:0
Application ID ...: D27600012401030300050000636F0000
Version ..........: 3.3
Manufacturer .....: ZeitControl
Serial number ....: 0000636F
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa2048 rsa2048
Max. PIN lengths .: 64 64 64
PIN retry counter : 0 0 3
Signature counter : 0
KDF setting ......: on
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

$ gpg --change-pin
gpg: OpenPGP card no. D27600012401030300050000636F0000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 2
Error unblocking the PIN: Conditions of use not satisfied

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Your selection? 2
PIN unblocked and new PIN set.
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
