Yubico Forum
https://forum.yubico.com/

Changing OpenPGP PINs afterwards
https://forum.yubico.com/viewtopic.php?f=26&t=1928

Author:  paradonym [ Fri Jun 19, 2015 8:33 pm ]
Post subject:  Changing OpenPGP PINs afterwards

I try to change the OpenPGP smartcard PINs after creation of the keypairs:

Code:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Windows\system32>gpg --card-edit

<snip>
PIN retry counter : 3 3 3
Signature counter : 5
<snip>

gpg/card> admin
Admin-Befehle sind erlaubt

gpg/card> passwd
gpg: OpenPGP Karte Nr. <snip> erkannt

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Ihre Auswahl? 1
Error changing the PIN: Nutzungsvorraussetzungen nicht erfüllt

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Ihre Auswahl? 3
Error changing the PIN: Nutzungsvorraussetzungen nicht erfüllt

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Ihre Auswahl? 2
Error unblocking the PIN: Ungültiger Wert

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Ihre Auswahl?


Key info is correct, fingerprints are shown right...

Trying to change the PIN and the admin PIN from default, the gpg program says something like "usage prerequisites not present"; trying to unblock the PIN, it says "invalid value"...

So how do I change the PINs after initial creation of the keypair to not use the default PINs? What do I do wrong in the commands pasted here?

The HowTo https://www.yubico.com/2012/12/yubikey-neo-openpgp/ says --change-pin - so should I use "gpg --card-edit --change-pin"?
The card-edit dev document examples https://developers.yubico.com/PGP/Card_edit.html should show me the right way to do it - that's the way I tried above...

Author:  paradonym [ Mon Jun 22, 2015 7:19 am ]
Post subject:  Re: Changing OpenPGP PINs afterwards

Can't I change the PIN after a key is written to the card? So do I have to change the PIN before generating a key and writing it to the card?

Author:  Tom2 [ Mon Jun 22, 2015 1:08 pm ]
Post subject:  Re: Changing OpenPGP PINs afterwards

Are you using 8 digits for the admin PIN?

Author:  paradonym [ Mon Jun 22, 2015 1:11 pm ]
Post subject:  Re: Changing OpenPGP PINs afterwards

No, are user and admin PIN fixed digit?

Author:  Tom2 [ Mon Jun 22, 2015 1:20 pm ]
Post subject:  Re: Changing OpenPGP PINs afterwards

No, minimum 8; please try 12345678

Author:  paradonym [ Mon Jun 22, 2015 1:22 pm ]
Post subject:  Re: Changing OpenPGP PINs afterwards

I tried an 8 digit PIN - it worked - also a 6 digit PIN for the standard PIN - thanks for the clarification - as the gpg error messages don't clearly say that there's a minimum PIN length...

Just something to add: I still can't set the reset code - using the new admin PIN I configured... - Is there also a 6-digit limitation? Because GPG says that there's a wrong PIN even if I double-checked the PIN.

Author:  Tom2 [ Mon Jun 22, 2015 1:28 pm ]
Post subject:  Re: Changing OpenPGP PINs afterwards

http://g10code.com/docs/openpgp-card-2.0.pdf

chapter 4.2

All times are UTC + 1 hour