Unable to change OpenPGP Card PINs on new NK 3A Mini.
$ gpg --card-edit
Reader ...........: Nitrokey Nitrokey 3 [CCID/ICCD Interface] [...]
Application ID ...: [...]
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: Nitrokey
Serial number ....: [...]
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: nistp256 nistp256 nistp256
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 5
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [...]
created ....: 2024-12-05 [...]
Encryption key....: [...]
created ....: 2024-12-05 [...]
Authentication key: [...]
created ....: 2024-12-05 [...]
General key info..: [none]
gpg/card> admin
Admin commands are allowed
gpg/card> passwd
gpg: OpenPGP card no. [...] detected
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? 3
Error changing the PIN: Card error
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Latest NK3 Firmware v1.7.2 (NRF52 Variant)
gpg (GnuPG) 2.4.4
libgcrypt 1.10.3-unknown
Completed troubleshooting steps:
-retry multiple times with new Smart PGP cards
-reinstall firmware
-different usb ports
-different computers
Origin of issue:
Used NK3 for coreboot heads installation. After successful “OEM Factory Reset/Re-Ownership” stage with custom PINs/passphrases, during “Generate new HOTP/TOTP secret” step only the default admin PIN (12345678) is accepted and not the custom PIN set during the “OEM Factory Reset/Re-Ownership” stage.
Attempting to change the pin via gpg tool also fails as shown above, leading me to believe heads also failed setting custom PINs during the “OEM Factory Reset/Re-Ownership” stage silently (no verbose errors).
ty for help