I tried to use pkcs11 with my nitrokey 3C NFC.
So i wanted to create a new pkcs11-key. This broke my nitrokeys. Both.
And now i can not log in anymore in this forum with my old id… because the forum says, that the key (tried it with both of my nk3) is not registered with this site.
i was not able to generate a pkcs11 key, and now fido is already broken after that.
witth pivy-tool i can not change or reset the pin and puk
$ pivy-tool reset-pin
Enter PUK (51A72C19):
Enter new PIV PIN (51A72C19):
Confirm new PIV PIN (51A72C19):
pivy-tool: error occurred while executing 'reset-pin'
Caused by cmd_reset_pin: failed to set new PIN
in cmd_reset_pin() at pivy-tool.c:1313
Caused by APDUError: Card replied with SW=6300 (WARNING_UNKNOWN) to INS_RESET_PIN(80)
in piv_reset_pin() at piv.c:4167
I tried a factory-reset, then it says “pin and puk have to be locked both. No change possible now”
Then i tried to reset-pin tried it with 123456 for puk
i get this
$ pivy-tool change-pin
Enter current PIV PIN (51A72C19):
Enter new PIV PIN (51A72C19):
Confirm new PIV PIN (51A72C19):
ok. I set the pin to “blafoo”
Trying to register this key on gitlab.com
“Add new device”… the browser asks me for the pin for the key. Put in blafoo and the browser says, the key is locked. I have to reset it, because i tried a wrong pin too often.
But i reset the pin already…
Ok. Try to do a factory-reset:
$ pivy-tool factory-reset
Resetting Yubikey 51A72C19 (Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00)
Serial #5437251
WARNING: this will completely reset the PIV applet on this Yubikey, erasing all keys and certificates!
Type 'YES' to continue:
pivy-tool: error occurred while executing 'factory-reset'
Caused by ResetConditionsError: Conditions for use of INS_RESET not met (all PINs and PUK must be blocked)
in ykpiv_reset() at piv.c:4206
Caused by APDUError: Card replied with SW=6985 (CONDITIONS_NOT_SATISFIED) to INS_RESET
in ykpiv_reset() at piv.c:4206
next try:
$ pivy-tool change-pin
Enter current PIV PIN (51A72C19):
Enter new PIV PIN (51A72C19):
Confirm new PIV PIN (51A72C19):
Exitcode is 0:
current PIN i tipped blafoo (As set before)
New PIV PIN: 123456
next try on gitlab:
“Key is locked, tried to often the wrong pin”
Really… i’m on the way to do the elon. What a broken shit this nitrokey3 is!!!
I bought 2 of them 2 and a half year ago… because it was promised to use it with gpg (and NFC!!!) but on android with Openkeychain it does not work by usb and nfc is deactivated for gpg.
And i bought it to use it with pkcs1… i can not activate it. And i bought it for FIDO2 and webauthn… and now also this is broken.
Please take my keys and give me my money back.