[Gnuk-users] Gnuk 1.2.3 passwords and counters

Ineiev ineiev at gnu.org
Sun Apr 9 16:21:47 UTC 2017 

Hello,

I've assembled a modification of FST-01 and try to learn how to use it.

The first thing that seems strange for me is that its PIN counter
doesn't decrease when I sign or decrypt using wring PIN values.

Any ideas on what I miss? the rest is a sample session: first I enter
wrong PIN values for decrypting and signing, 4 times; then
gpg --card-status shows that the counters haven't changed,
after that I enter correct PIN value, once to decrypt and once
to sign, and both work (the device is not blocked).

$ gpg --version;gpg --card-status; \
> for i in `seq 4`;do
> gpgconf --kill gpg-agent; gpg --decrypt test.asc;
> gpgconf --kill gpg-agent;
> rm -fr test.asc.asc; gpg -a -b --sign -u 5CAB86184F48E157 test.asc;
> done; \
> gpg --card-status; gpgconf --kill gpg-agent; gpg --decrypt test.asc; \
> gpgconf --kill gpg-agent; \
> rm -fr test.asc.asc; gpg -a -b --sign -u 5CAB86184F48E157 test.asc
gpg (GnuPG) 2.1.20
libgcrypt 1.7.6
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/dti/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Reader ...........: 234B:0000:FSIJ-1.2.3-87253652:0
Application ID ...: D276000124010200FFFE872536520000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87253652
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 3
Signature key ....: A7DF BA6A 91C9 4923 0B62  1520 5CAB 8618 4F48 E157
      created ....: 2017-04-09 13:12:26
Encryption key....: 0848 2FA1 1435 356B 4EDB  30B2 0AFC 4527 CC92 3BCE
      created ....: 2017-04-09 13:12:26
Authentication key: D6B2 47B9 6F13 976C 9D26  87A8 83BE FF16 3587 DF4B
      created ....: 2017-04-09 13:16:53
General key info..: pub  rsa2048/5CAB86184F48E157 2017-04-09 Вася Пушкин <vp at test.org>
sec>  rsa2048/5CAB86184F48E157  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
ssb>  rsa2048/0AFC4527CC923BCE  created: 2017-04-09  expires: never
                                card-no: FFFE 87253652
ssb>  rsa2048/83BEFF163587DF4B  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
ssb>  rsa2048/0AFC4527CC923BCE  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
ssb>  rsa2048/83BEFF163587DF4B  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
ssb>  rsa2048/0AFC4527CC923BCE  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
Please unlock the card

Number: FFFE 87253652
Holder:
PIN:
gpg: encrypted with 2048-bit RSA key, ID 0AFC4527CC923BCE, created 2017-04-09
      "Вася Пушкин <vp at test.org>"
gpg: public key decryption failed: Bad PIN
gpg: decryption failed: No secret key
Please unlock the card

Number: FFFE 87253652
Holder:
Counter: 3
PIN:
gpg: signing failed: Bad PIN
gpg: signing failed: Bad PIN
Please unlock the card

Number: FFFE 87253652
Holder:
PIN:
gpg: encrypted with 2048-bit RSA key, ID 0AFC4527CC923BCE, created 2017-04-09
      "Вася Пушкин <vp at test.org>"
gpg: public key decryption failed: Bad PIN
gpg: decryption failed: No secret key
Please unlock the card

Number: FFFE 87253652
Holder:
Counter: 3
PIN:
gpg: signing failed: Bad PIN
gpg: signing failed: Bad PIN
Please unlock the card

Number: FFFE 87253652
Holder:
PIN:
gpg: encrypted with 2048-bit RSA key, ID 0AFC4527CC923BCE, created 2017-04-09
      "Вася Пушкин <vp at test.org>"
gpg: public key decryption failed: Bad PIN
gpg: decryption failed: No secret key
Please unlock the card

Number: FFFE 87253652
Holder:
Counter: 3
PIN:
gpg: signing failed: Bad PIN
gpg: signing failed: Bad PIN
Please unlock the card

Number: FFFE 87253652
Holder:
PIN:
gpg: encrypted with 2048-bit RSA key, ID 0AFC4527CC923BCE, created 2017-04-09
      "Вася Пушкин <vp at test.org>"
gpg: public key decryption failed: Bad PIN
gpg: decryption failed: No secret key
Please unlock the card

Number: FFFE 87253652
Holder:
Counter: 3
PIN:
gpg: signing failed: Bad PIN
gpg: signing failed: Bad PIN

Reader ...........: 234B:0000:FSIJ-1.2.3-87253652:0
Application ID ...: D276000124010200FFFE872536520000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87253652
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 3
Signature key ....: A7DF BA6A 91C9 4923 0B62  1520 5CAB 8618 4F48 E157
      created ....: 2017-04-09 13:12:26
Encryption key....: 0848 2FA1 1435 356B 4EDB  30B2 0AFC 4527 CC92 3BCE
      created ....: 2017-04-09 13:12:26
Authentication key: D6B2 47B9 6F13 976C 9D26  87A8 83BE FF16 3587 DF4B
      created ....: 2017-04-09 13:16:53
General key info..: pub  rsa2048/5CAB86184F48E157 2017-04-09 Вася Пушкин <vp at test.org>
sec>  rsa2048/5CAB86184F48E157  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
ssb>  rsa2048/0AFC4527CC923BCE  created: 2017-04-09  expires: never
                                card-no: FFFE 87253652
ssb>  rsa2048/83BEFF163587DF4B  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
ssb>  rsa2048/0AFC4527CC923BCE  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
ssb>  rsa2048/83BEFF163587DF4B  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
ssb>  rsa2048/0AFC4527CC923BCE  created: 2017-04-09  expires: 2019-04-09
                                card-no: FFFE 87253652
Please unlock the card

Number: FFFE 87253652
Holder:
PIN:
gpg: encrypted with 2048-bit RSA key, ID 0AFC4527CC923BCE, created 2017-04-09
      "Вася Пушкин <vp at test.org>"
test
Please unlock the card

Number: FFFE 87253652
Holder:
Counter: 3
PIN:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20170409/d8aa7b93/attachment.sig>

More information about the gnuk-users mailing list