I am currently writing a new BLOG article about Nitrokey Start and openSUSE leap 15.2. While doing so I found the following strange phenomenon while trying and testing:
I generate a new PGP key on Nitrokey Start and change the admin PIN and then the user PIN. Everything works fine and as expected.
If I do a factory-reset on the Nitrokey Start stick and then try to change the PINs directly, the following happens:
$ gpg2 --change-pin gpg: OpenPGP card no. D276000124010200FFFE432438190000 detected 1 - change PIN 2 - unblock PIN 3 - change Admin PIN 4 - set the Reset Code Q - quit Your selection? 3 PIN changed. 1 - change PIN 2 - unblock PIN 3 - change Admin PIN 4 - set the Reset Code Q - quit Your selection? 1 Error changing the PIN: Conditions of use not satisfied 1 - change PIN 2 - unblock PIN 3 - change Admin PIN 4 - set the Reset Code Q - quit
That means I can’t change the user PIN, because this is always acknowledged with the error message “Error changing the PIN: Conditions of use not satisfied”.
Is this an error of NitrokeyStart or rather of the libraries involved?
$ gpg2 --version gpg (GnuPG) 2.2.5 libgcrypt 1.8.2 Copyright (C) 2018 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/django/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2
Or how can this strange phenomenon be explained? Any idea, or hints?