I tried to change the PINs on a fresh NEO, but was confused what the message "Conditions of use not satisfied" means when trying to set the PIN/Admin PIN, and an additional fat-fingered PIN entry means I'm no longer able to use the OpenPGP functionality:
Code:
Application ID ...: D2760001240102000006030106290000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 03010629
...
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]
gpg/card> admin
Admin commands are allowed
gpg/card> generate
Make off-card backup of encryption key? (Y/n) n
Please note that the factory settings of the PINs are
PIN = `123456' Admin PIN = `12345678'
You should change them using the command --change-pin
scdaemon[13182]: card is permanently locked!
gpg: error clearing forced signature PIN flag: Bad PIN
I thought these PINs would be possible to change from the PIV tools, but alas, yubico-piv-tool seems to manage a completely different set of PINs, not the ones shown above. Even if I change the PINs by yubic-piv-tool and/or reset the PIV applet, these counters don't seem to change.
The first seem to be the PIN retry, and the third is the admin PIN, but the second doesn't seem to change.
I also thought I would then need to reset everything in the OpenPGP applet (no big deal, as I have no private keys on it yet), but it seems to be this card is now too new to allow us mere mortals to upload new applets (Version 3.3.0)
So is it somehow possible to reset the PIN codes with this version?
Login
FAQ
Search
