[Gnuk-users] Error changing the PIN: Conditions of use not satisfied

Alexander Paetzelt | Nitrokey alex at nitrokey.com
Thu Sep 28 18:58:59 UTC 2017


I had recently the very same problems. I consider this a bug, isn't it? Is there any intention to fix it?

As far as I can see, the headless admin mode can't be disabled other than resetting the device. (http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-pw1-pw3-and-reset-code)

Note that the reset PIN must have >=8 characters, but gpg will say "Bad PIN" instead "Conditions of use not satisfied" if trying a PIN <8 characters. Maybe this went wrong for you?

Kind regards

On 2017-09-26, intrigeri wrote:
>/Vagrant Cascadian: />>/gpg/card> passwd />>/gpg: OpenPGP card no. D276000124010200FFFE870238330000 detected />>/Error changing the PIN: Conditions of use not satisfied />//>/I had exactly the same problem a month ago, and IIRC (not sure) I had />/to upload an encryption key to the device before I could change />/the PIN. /
Thanks, that helped! I generated a dummy key I don't care about, and
then was able to change the pin, and set a reset pin as well.

Then I thought I would start to import the keys I actually want.... but
the pin doesn't actually work; any attempt to use it decrements the pin
retry counter.

Fortunately, I set a reset pin, and I can unblock using the reset pin
once the retry counter limit is blocked...

Does setting a reset pin disable adminless mode? Which pin does the pin
reset set (admin or ... regular/user)? Are there character restrictions
on pins, but it doesn't properly check them before changing the pin?

Seems so close, yet so far!

live well,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20170928/938fd1b7/attachment.html>

More information about the gnuk-users mailing list