Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 2:04 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 7 posts ] 
Author Message
PostPosted: Mon Oct 30, 2017 11:42 pm 
Offline

Joined: Mon Oct 30, 2017 11:13 pm
Posts: 1
https://www.gnupg.org/howtos/card-howto/en/ch03s02.html says:

Quote:
Warning

It is also important to know that entering a wrong AdminPIN three times in a row destroys(!) the card. There is no way to unblock the card when a wrong AdminPIN has been entered three times.


Does this apply to yubikeys? I'm very new to the world of smart cards and gpg as well. Is this link relevant? https://developers.yubico.com/ykneo-openpgp/ResetApplet.html.


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Tue Oct 31, 2017 12:22 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
No, but it does mean you would need to reset and any keys on the applet would be lost as a result. This is true for both OpenPGP and PIV, although locking one out doesn't affect the other.


Top
 Profile  
Reply with quote  
PostPosted: Tue Oct 31, 2017 7:38 pm 
Offline

Joined: Tue Feb 02, 2016 9:23 pm
Posts: 58
I never heard anything about entering the MGM too often makes the key unusable, I only thought that was for PIN/PUK.


Top
 Profile  
Reply with quote  
PostPosted: Tue Oct 31, 2017 11:56 pm 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
He's asking about the OpenPGP applet, NOT the PIV applet

OpenPGP:
PIN
Resetting Code
Admin PIN

PIV:
PIN
PUK
Management Key


Top
 Profile  
Reply with quote  
PostPosted: Wed Nov 01, 2017 12:14 am 
Offline

Joined: Tue Feb 02, 2016 9:23 pm
Posts: 58
But you said that this is true for both pgp and piv.


Top
 Profile  
Reply with quote  
PostPosted: Wed Nov 01, 2017 1:21 am 
Offline
Yubico Team
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
OpenPGP:
Lock the PIN + Admin PIN = requires reset, lose all data

PIV:
Lock the PIN + PUK = requires a reset, lose all data


Top
 Profile  
Reply with quote  
PostPosted: Wed Nov 01, 2017 7:46 am 
Offline

Joined: Tue Feb 02, 2016 9:23 pm
Posts: 58
Okay i thought that the mgm could lock up because the best equivalent of the admin pin would be the mgm, and locking up the admin pin is possible for both but when it's just pin and puk its okay (also nice that if you screwed up the puk you can go reset the retry counters.)


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group