Stating that the first and second counter should be in sync.
I am not sure what this documentation is talking about. The first number is the user PIN, the second is the pin unblock key (PUK), and the third one is for the admin pin.
Regardless of that, the key appears to be in a failsafe state because it detected that its state is inconsistent. Therefore the PIN retry counter displayed is wrong.
To correct the issue, we should try to find the reason for the issue.
What were the latest operations you did with the device prior to seeing this error message?
Did you have keys stored on the device?
Which firmware version are you using?
Have you used a test firmware version?
I've got the same issues with my recently ordered Nitrokey 3A Mini.
gpg --card-edit --expert
Shows up with:
Name of cardholder: Card state corrupted.
I was trying to change the admin pin and set the key attributes to rsa4096.
Even factory-reset fails with "card command TERMINATE DF failed: Card error (0x6500)"
And sometimes the device shows up with the red LED after plugging in.
Hello @sosthene-nitrokey
Thanks for your answer!
I did not know what I've done last time. And no, I did not store any keys yet.
I am using firmware 1.8.0 and pynitrokey 0.7.3
After doing a factory reset via the gpg-card command
the output was okay
And I am able to change settings!
Can you install opensc, kill GPG agent with gpg-connect-agent killagent /bye and try to run opensc_explorer and issue the series of the commands like below. I show the output I got on my Nitrokey 3 as an example.
Finally I was able to execute the factory-reset and the gpg application is functional again.
This time I'll create an offline backup of the generated keys.
When generating a key directly on the Nitrokey, the backup option provided is incomplete. It doesn't really include the full private key. To create a full backup, follow these instructions to generate the key outside the Nitrokey and then import it. This ensures you have a complete backup of your private key. Always test a backup to ensure it works as you expect it.
However, you expose your private key on the device where you initialize the key and have to think about how to safeguard the backup (e.g. with a password manager).