| Yubico Forum https://forum.yubico.com/ |
|
| [SOLVED] Cannot reset PIN using gpg-connect-agent https://forum.yubico.com/viewtopic.php?f=35&t=2290 |
Page 1 of 1 |
| Author: | jerlev [ Tue Apr 26, 2016 8:54 pm ] |
| Post subject: | [SOLVED] Cannot reset PIN using gpg-connect-agent |
The PIN for my Yubikey 4 (nano) is blocked (too many wrong entries). The PUK is also blocked (by default). To reset the PIN I used the instructions provided here (https://developers.yubico.com/ykneo-openpgp/ResetApplet.html). However it does not seem to work. First I check that the pin is blocked (69 83 confirms that the PIN is blocked, according to https://lists.gnupg.org/pipermail/gnupg-users/2009-September/037414.html): Code: gpg-connect-agent --hex > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 D[0000] 69 83 i. OK I then proceed to "terminate" and "reactivate" the card as instructed in either links above: Code: > scd apdu 00 e6 00 00 D[0000] 69 82 i. OK > scd apdu 00 44 00 00 D[0000] 90 00 .. OK However my PIN remains blocked: Code: gpg-connect-agent --hex > scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 D[0000] 69 83 i. OK I also tried yubico-piv-tool, but no luck: Code: yubico-piv-tool -a reset Reset failed, are pincodes blocked? I must be missing something obvious. Any ideas? |
|
| Author: | ChrisHalos [ Wed Apr 27, 2016 1:31 am ] |
| Post subject: | Re: [QUESTION] Cannot reset PIN using gpg-connect-agent |
viewtopic.php?f=35&t=2193#p8245 Also, please note that the PIV and OpenPGP applets are completely autonomous and have their own PINs. OpenPGP: default PIN - 123456 default Admin PIN - 12345678 PIV: default PIN - 123456 default PUK - 12345678 The PIN and Admin PIN / PUK for both the OpenPGP and PIV applets always begin with a retry counter of 3 each, so if you haven't locked out both the PIN and Admin PIN yourself, you need to do so before attempting to reset the applet. |
|
| Page 1 of 1 | All times are UTC + 1 hour |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|