Nitrokey 3C NFC - set pin does not work

Hi!

I’ve upgraded to verstion 1.5.0 and renewed my gpg-keys and the user- and admin-pin. I also set an resetCode.

Then i tried pkcs11-tool --login --list-objects and was asked for the user-pin. I entered the former one i set, and got:

Using slot 1 with a present token (0x4)
Logging in to "OpenPGP card (User PIN)".
Please enter User PIN: 
error: PKCS11 function C_Login failed: rv = CKR_PIN_INCORRECT (0xa0)
Aborting.

But it was the correct PIN (using a password-manager!!)

After that i was not able to change the pin with gpg --change-pin anymore. I could not reset the pin nor reset the master-pin with the resetCode.

I had to do a factory-reset with gpg. After that, i could set all new. generate a new key, set pin, admin-pin and resetCode… but the play starts agaein with trying pkcs11-tool --login

I have this issue too! Or kind of.
I have set the admin and user pin with gpg --edit-card, and added three subkeys.
Then I wanted to create a FIDO2 key but asks for a pin… nor user nor admin pin previously set work.
If I try to do nitropy fido2 set-pin it says that maybe the pin is already set.

1 Like

@ciropom:
FIDO2 and OpenPGP Card are two different applications running on the Nitrokey 3. Thus, there are different/independent PINs as well, see Nitrokey 3 documentation - set pins.

However I encounterd the same or similar issue as mentioned above:
I am not able to set or change the user-pin of the OpenPGP Card with gpg --edit-card and passwd. Haven’t tried to change the admin-pin yet.

Have you try 123456 pin?

Yes the default pgp pin on most smartcards is 123456 and the admin pin is 12345678.

It is not necessary but more then highly recommend to change all pgp pins before using the pgp Smartcard. But the card itself is fully functional.
(Pgp Smartcards have 4 pins: pin, unblock pin, admin pin, and reset code.)

The fido2 pin however is unrelated. Fido2 and pgp Smartcard are two distinct functions.
And fido2 does not work before you have not set a pin.

And just in case: the piv module is unrelated to the pgp Smartcard… And has also it’s own pins.