i wanted to reset my Nitrokey-Start with gpg2 --card-edit -> admin -> factory-reset.
After that command gpg2 asks me if i realy want to delete all data and so on but the reset fails with the error message card command TERMINATE DF failed: Falsche PIN (0x6982)
After this i even cannot use gpg --card-status any more.
was your device blocked before (was the retry counter zero before trying factory-reset)? I am currently working on this behaviour and some more information will come in handy. Did you try to change the User PIN before the Admin PIN?
i was able to use the Key bevor, i changed the Admin PIN, later the User PIN, but i copied accidently my 4096bit RSA keys to the NitroKey. So i decided to create 2048bit Keys and store them to the Key. For that i was asked to enter the Admin PIN of course, and this was not working. So i first entered my formerly set PIN -> fail, reenter it to be sure -> fail again, after this i tried the standard Admin PIN 12345678 and it also fails.
At this point i have tried to do this factory-reset with the described issue.
Well, yes you are right of course, unblocking would reset the user PIN only.
But this looks like you did only block the User PIN, right? Therefore you should be able to set a reset PIN via
admin->passwd->4->enter admin-PIN->enter new reset code
There are two unblock methods: one to be used with reset code and one to be used with admin-PIN.
admin->passwd->2->enter admin-PIN->enter new user-PIN
With reset code
unblock->reset code->new user-PIN
Please pay attention on the admin usage. It does make a difference if you are in admin or user mode. You may leave gpg if unsure. Please also have a look at ‘gpg --card-status’ what your retry status is. The three numbers are
3 3 3
user reset admin
Please have a look if it does change anything if you have unblocked the device before factory-reset.
thanks for the new key.
I did this as described below, all commands also returned some kind of
OK status, but unfortunately the key is still not usable. If i want to
do a factory-reset, it returns an error with “wrong pin” without even
asking for a PIN…