Gpg: error clearing forced signature PIN flag: Card error


#1

Dear Nitrokey,

I have spent a while before I decided to use my Nitrokeys. Finally I have come to the point where I need to set up some servers and attempted to set up the Nitrokeys I purchased for use with SSH. I wanted to make sure I had 2 Nitrokeys because I have a habit of losing stuff, which is thankfully not yet the case.

Anyhow, the issue: while installing the first Nitrokey I encountered the following:
I followed the steps described here: https://github.com/djozsef/openpgp-docs/blob/master/Setting%20up%20EIDAuthenticate%20with%20OpenPGP%20card.md#generate-keys which went well.

It confirmed my Nitrokey was set up. I had keys attached to it, altered the name and email, and then attempted as suggested to alter the user/admin PIN. The user PIN went fine. The admin PIN not so much: it kept notifying me that it was a bad PIN, and after three times it reported another error not allowing me to alter anything anymore. I figured a factory reset was in order because I messed up somewhere.

Factory reset:

Reader ...........: Nitrokey Nitrokey Start 0
Application ID ...: D276000124010200FFFE670841220000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 67084122
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

It seems reset to me, so I tried to go through the steps again:

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

Please note that the factory settings of the PINs are
   PIN = '123456'     Admin PIN = '12345678'
You should change them using the command --change-pin

gpg: error clearing forced signature PIN flag: Card error

This is where I run out of options, because no post on the forums nor Google led me in the right direction for a solution to this.

What should I do now?
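
Added example, not part of the original post or of Nitrokey's documentation: a Python check that parses card status output like the listing above and reports every field that differs from the post-reset values shown there. The baseline values, the function names and the trimmed sample are assumptions made for this example.

```python
import re

# Constructed sample: a subset of the card status output quoted in the post above.
SAMPLE_STATUS = """\
Reader ...........: Nitrokey Nitrokey Start 0
Name of cardholder: [not set]
Signature PIN ....: forced
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
"""

# Baseline assumed from the post's output after its reset, not taken from a spec.
EXPECTED = {
    "Name of cardholder": "[not set]",
    "Signature counter": "0",
    "Signature key": "[none]",
    "Encryption key": "[none]",
    "Authentication key": "[none]",
}
PIN_NAMES = ("User PIN", "Reset Code", "Admin PIN")  # order of the counter triple

def parse_card_status(text):
    """Map each 'Label ....: value' line to fields[label] = value."""
    fields = {}
    for line in text.splitlines():
        # Lazy label, then the dot/space padding, then the first colon.
        m = re.match(r"^(.+?)[ .]*:\s*(.*)$", line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def reset_findings(fields):
    """List every way the card differs from the baseline; [] means it matches."""
    findings = []
    for label, want in EXPECTED.items():
        got = fields.get(label)
        if got != want:
            findings.append(f"{label}: expected {want!r}, got {got!r}")
    counters = fields.get("PIN retry counter", "").split()
    if len(counters) != 3:
        findings.append("PIN retry counter: missing or malformed")
    for name, left in zip(PIN_NAMES, counters):
        if left == "0":
            findings.append(f"{name}: blocked (0 tries left)")
        elif left != "3":
            findings.append(f"{name}: {left} tries left, expected 3")
    return findings
```

Feeding it the live output of `gpg --card-status` instead of the sample shows at a glance whether a PIN is blocked or a key slot is still populated before `generate` is attempted again.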


#2

[Image: issue with smartcard2]


#3

Hi,

As explained on https://nitrokey.com/start you need to set up the admin PIN first. Otherwise you are going into the admin-less mode where the user PIN is the same as the admin PIN, kind of disabling the differentiation.

Thus, your attempt to change the admin PIN led nowhere, as you tried to change from 12345678 to a new one, although it was already changed.

I don’t know about the issue you have now, but I suggest a new reset and then follow the instructions again.

Kind regards
Alex


#4

@nitroalex

Thank you very much for your reply. I know I followed the wrong installation instructions. Therefore I wanted to follow the one you linked to right now. Unfortunately I did not. So I ended up trying the factory reset. And follow the instructions you show me. But that’s where everything I do gets the card error.

Any tips on how I can factory reset the card?

All I get on https://www.nitrokey.com/documentation/how-reset-nitrokey is

How to reset a Nitrokey?

but no other instructions.

#5

TLDR: I fixed the issue.

It took me quite the list of actions to get the Nitrokey back into a usable state.

On a Windows machine I did the following:
attempt to install, failed due to pin before admin pin.
card in error state.
firmware flash attempt, card error
factory reset, card error.

Went to my Ubuntu device:
tried to configure, card error
tried to factory reset, card error
firmware flash, success
tried to configure, card error
factory reset, success
configure, success.

Hope this helps someone else with this problem.