I am currently writing a new BLOG article about Nitrokey Start and openSUSE leap 15.2. While doing so I found the following strange phenomenon while trying and testing:
I generate a new PGP key on Nitrokey Start and change the admin PIN and then the user PIN. Everything works fine and as expected.
BUT:
If I do a factory-reset on the Nitrokey Start stick and then try to change the PINs directly, the following happens:
$ gpg2 --change-pin
gpg: OpenPGP card no. D276000124010200FFFE432438190000 detected
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? 3
PIN changed.
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? 1
Error changing the PIN: Conditions of use not satisfied
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
That means I canât change the user PIN, because this is always acknowledged with the error message âError changing the PIN: Conditions of use not satisfiedâ.
Is this an error of NitrokeyStart or rather of the libraries involved?
$ gpg2 --version
gpg (GnuPG) 2.2.5
libgcrypt 1.8.2
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/django/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Or how can this strange phenomenon be explained? Any idea, or hints?