[Gnuk-users] Gnuk 1.2.3 passwords and counters
NIIBE Yutaka
gniibe at fsij.org
Mon Apr 17 05:00:18 UTC 2017
Hello,
Sorry for late response. I had not been able to replicate this issue.
But today, the possible case came up to my mind.
Ineiev <ineiev at gnu.org> wrote:
> Any ideas on what I miss? the rest is a sample session: first I enter
> wrong PIN values for decrypting and signing, 4 times; then
> gpg --card-status shows that the counters haven't changed,
> after that I enter correct PIN value, once to decrypt and once
> to sign, and both work (the device is not blocked).
I think that your "wrong PIN" is too short. In this case, the
authentication doesn't go to the token, but it is GnuPG just detects the
error.
According to OpenPGP card specification, PIN length should be longer
than or equals to 6. When it's shorter, scdaemon doesn't send command
to the token, but says an error by itself.
--
More information about the gnuk-users
mailing list