[Gnuk-users] Error changing the PIN: Conditions of use not satisfied

Srinivas V vsrinu26f at gmail.com
Wed Sep 27 12:11:22 UTC 2017 

Change PIN only after uploading keys.

Yes, I fell for that too when i first tried Gnuk. I ended up purchasing
gemalto flasher.

On Sep 27, 2017 7:02 AM, <gnuk-users-request at lists.alioth.debian.org> wrote:

Send gnuk-users mailing list submissions to
        gnuk-users at lists.alioth.debian.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
or, via email, send a message with subject or body 'help' to
        gnuk-users-request at lists.alioth.debian.org

You can reach the person managing the list at
        gnuk-users-owner at lists.alioth.debian.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of gnuk-users digest..."


Today's Topics:

   1. Error changing the PIN: Conditions of use not satisfied
      (Vagrant Cascadian)
   2. Re: Error changing the PIN: Conditions of use not satisfied
      (intrigeri)


----------------------------------------------------------------------

Message: 1
Date: Tue, 26 Sep 2017 22:18:36 -0700
From: Vagrant Cascadian <vagrant at debian.org>
To: gnuk-users at lists.alioth.debian.org
Subject: [Gnuk-users] Error changing the PIN: Conditions of use not
        satisfied
Message-ID: <87a81g7m8j.fsf at aikidev.net>
Content-Type: text/plain; charset="us-ascii"

Hey, really excited to try to use gnuk for real!

With a freshly flashed gnuk 1.2.5 on an FST-01, using Debian Stretch, I
cannot seem to change the PIN. I figured I should set a PIN before
uploading keys to it, and tried following the instructions here:

  http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html

Was hoping to get it set up in "admin less mode", but I could probably
handle having an admin and reset pin as well, if that's not really
recommended.


I'm not sure if there'se some important step I'm missing, or if
something is genuinely wrong with the gnuk build, the FST-01 hardware,
or somewhere in the gnupg stack:

  $ gpg --edit-card

  Reader ...........: 234B:0000:FSIJ-1.2.5-87023833:0
  Application ID ...: D276000124010200FFFE870238330000
  Version ..........: 2.0
  Manufacturer .....: unmanaged S/N range
  Serial number ....: 87023833
  Name of cardholder: [not set]
  Language prefs ...: [not set]
  Sex ..............: unspecified
  URL of public key : [not set]
  Login data .......: [not set]
  Signature PIN ....: forced
  Key attributes ...: rsa2048 rsa2048 rsa2048
  Max. PIN lengths .: 127 127 127
  PIN retry counter : 3 3 3
  Signature counter : 0
  Signature key ....: [none]
  Encryption key....: [none]
  Authentication key: [none]
  General key info..: [none]

  gpg/card> passwd
  gpg: OpenPGP card no. D276000124010200FFFE870238330000 detected
  Error changing the PIN: Conditions of use not satisfied

Tried with and without entering "admin" command first.  The retry
counter isn't changing, so I'm correctly entering the default pin.

First was using gnupg from Debian stretch (2.1.18-6), and then tried a
local build of the version on it's way to stable-proposed-updates
(2.1.18-8~deb9u1), since it contained some patches related to scdaemon,
but no luck.


Any thoughts or recommended further troubleshooting steps?


live well,
  vagrant
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/
attachments/20170926/2b9e702d/attachment-0001.sig>

------------------------------

Message: 2
Date: Wed, 27 Sep 2017 08:49:06 +0200
From: intrigeri <intrigeri at boum.org>
To: gnuk-users at lists.alioth.debian.org
Subject: Re: [Gnuk-users] Error changing the PIN: Conditions of use
        not     satisfied
Message-ID: <85tvzor5zx.fsf at boum.org>
Content-Type: text/plain

Hi,

Vagrant Cascadian:
>   gpg/card> passwd
>   gpg: OpenPGP card no. D276000124010200FFFE870238330000 detected
>   Error changing the PIN: Conditions of use not satisfied

I had exactly the same problem a month ago, and IIRC (not sure) I had
to upload an encryption key to the device before I could change
the PIN.

Cheers,
--
intrigeri



------------------------------

Subject: Digest Footer

_______________________________________________
gnuk-users mailing list
gnuk-users at lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/gnuk-users


------------------------------

End of gnuk-users Digest, Vol 96, Issue 2
*****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20170927/02e0bb4f/attachment.html>

More information about the gnuk-users mailing list