[Gnuk-users] Error changing the PIN: Conditions of use not satisfied

Alexander Paetzelt | Nitrokey alex at nitrokey.com
Thu Oct 19 09:51:18 UTC 2017


Hello,

Does anybody know if this behaviour (user-PIN can only be set if a key
is already on the card) is a bug or just a necessity of Gnuk? Is there any
intention to change anything about it? Is there a way to help here?

Kind regards
Alex


On 09/28/2017 08:58 PM, Alexander Paetzelt | Nitrokey wrote:
> Hi,
>
> I recently had the very same problems. I consider this a bug, isn't it? Is there any intention to fix it?
>
> As far as I can see, the headless admin mode can't be disabled other than resetting the device. (http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-pw1-pw3-and-reset-code)
>
> Note that the reset PIN must have >=8 characters, but gpg will say "Bad PIN" instead of "Conditions of use not satisfied" if trying a PIN <8 characters. Maybe this went wrong for you?
>
> Kind regards
> Alex
>
> On 2017-09-26, intrigeri wrote:
> > Vagrant Cascadian:
> >> gpg/card> passwd
> >> gpg: OpenPGP card no. D276000124010200FFFE870238330000 detected
> >> Error changing the PIN: Conditions of use not satisfied
> >
> > I had exactly the same problem a month ago, and IIRC (not sure) I had
> > to upload an encryption key to the device before I could change
> > the PIN.
>
> Thanks, that helped! I generated a dummy key I don't care about, and
> then was able to change the pin, and set a reset pin as well.
>
> Then I thought I would start to import the keys I actually want.... but
> the pin doesn't actually work; any attempt to use it decrements the pin
> retry counter.
>
> Fortunately, I set a reset pin, and I can unblock using the reset pin
> once the retry counter limit is blocked...
>
> Does setting a reset pin disable adminless mode? Which pin does the pin
> reset set (admin or ... regular/user)? Are there character restrictions
> on pins, but it doesn't properly check them before changing the pin?
>
> Seems so close, yet so far!
>
>
> live well,
>   vagrant
