[Gnuk-users] Factory-reset on Gnuk with blocked PIN

NIIBE Yutaka gniibe at fsij.org
Mon Nov 6 00:39:32 UTC 2017


Hello,

Let me explain the history of the "factory-reset" feature.  In short, it is
experimental, both for the card and for GnuPG.


It is one of the features which are not well implemented and tested, both for
the card implementation and for GnuPG.  Once in the past, it was even
wrongly defined in the OpenPGP card specification.  Everyone who tried
ended up with a bricked card.

Recently, the direct reason why I needed to change GnuPG is this: the
test version (for V3.3) of OpenPGPcard got bricked by GnuPG (I reported
my failure with the test version of V3.3 OpenPGPcard to Achim and he pointed
out that he didn't expect the procedure of GnuPG).  And I also got
a report that it didn't work with newer Yubikey.

The procedure of GnuPG seemed to be the result of some experiments by
Werner, doing a sort of trial and error.  Since it worked for the instance
of the card, it was pushed.  While it worked, it was not the right
procedure.

The procedure (and the "factory-reset" sub command) has been there, but it
has not been working for newer versions of Yubikey.  Yubikey users seemed
to use their own script, so far.

Gnuk's "factory-reset" feature was implemented last year, after
OpenPGP.conf.  Unfortunately, I implemented it by looking at the procedure
of GnuPG.  It was wrong.

This summer, I encountered the test version of V3.3 OpenPGPcard getting
bricked by the procedure of GnuPG.  I found that the procedure of GnuPG
was not good.  And the Gnuk implementation at that time was wrong.

Then, GnuPG has been fixed, as suggested by Achim.  But this means that
some versions of Gnuk don't work with newer GnuPG.


While something improved, the feature of GnuPG and cards is not tested
well.  In fact, I don't have a newer version of Yubikey at hand.  The test
coverage is so small.
-- 


