NitrokeyStart fail factory reset

Hi,
I wanted to reset my Nitrokey-Start with gpg2 --card-edit -> admin -> factory-reset.
After that command gpg2 asks me if I really want to delete all data and so on, but the reset fails with the error message
card command TERMINATE DF failed: Falsche PIN (0x6982)
After this I cannot even use gpg --card-status any more.

PIN retry counter : 0 3 3

I have used gpg2 2.2.1 and libcrypt 1.8.1

Any hints what I could do to reset my key?

Thanks in advance

Hi,

Was your device blocked before (was the retry counter zero before trying factory-reset)? I am currently working on this behaviour and some more information will come in handy. Did you try to change the User PIN before the Admin PIN?

Kind regards
Alex

Hi,

I was able to use the key before. I changed the Admin PIN, later the User PIN, but I accidentally copied my 4096-bit RSA keys to the Nitrokey. So I decided to create 2048-bit keys and store them on the key. For that I was asked to enter the Admin PIN of course, and this was not working. So I first entered my formerly set PIN -> fail, re-entered it to be sure -> fail again; after this I tried the standard Admin PIN 12345678 and it also failed.
At this point I tried to do this factory-reset, with the described issue.

Best regards,
Uli

Hi,

Another question: did you set a reset code? Does unblocking help? (It does not for me)

I will research further and let you know what I find out.

Kind regards
Alex

Hi,

Unfortunately I did not set a reset code, but as far as I know this will reset the User PIN?
Unblocking does not work either.

It would be very kind if you let me know your results. If you need me to try something on the key, just let me know.

Best regards,
Uli

Hi,

Well, yes you are right of course, unblocking would reset the user PIN only.

But this looks like you did only block the User PIN, right? Therefore you should be able to set a reset PIN via

admin->passwd->4->enter admin-PIN->enter new reset code

There are two unblock methods: one to be used with reset code and one to be used with admin-PIN.
With admin-PIN:

admin->passwd->2->enter admin-PIN->enter new user-PIN

With reset code

unblock->reset code->new user-PIN

Please pay attention to the admin usage. It does make a difference if you are in admin or user mode. You may leave gpg if unsure. Please also have a look at ‘gpg --card-status’ to see what your retry status is. The three numbers are

3 3 3
user reset admin

Please have a look if it does change anything if you have unblocked the device before factory-reset.

Kind regards
Alex

Hi,

I tried this, but it fails:

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Ihre Auswahl? 4
Error setting the Reset Code: Kartenfehler

Kartenfehler means card error.

The same happens when I try to enter a new user-PIN.

But since I tried this (each only one time), all PIN counters are 0 and the max PIN length is also 0:

Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0

Kind regards,
Uli

Hi,

This is now a confirmed bug. Gnuk 1.2.6 is needed for a properly working factory-reset. We will update our instructions soon.

Please write us an email to our support address https://www.nitrokey.com/contact so that we can replace your device.

We apologize for any inconvenience!

Kind regards
Alex

Hi,

The new key should be on the way. I may still have found a solution and would be happy if you could test it with your bricked device.

Please save this code in a file called ‘reset.txt’

/hex
scd reset
scd serialno undefined
scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
scd reset
/echo card has been reset to factory defaults

Then put in the bricked Nitrokey Start and type ‘gpg-connect-agent < reset.txt’.

This worked for my device :blush: and this is what the new GnuPG version 2.2.2 is doing to fix this issue.

Kind regards
Alex
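
An added example (not part of the thread, and not Nitrokey or GnuPG code) that decodes the APDUs in the reset.txt script above, so it is clear which card commands it sends and in what order. The function names parse_apdus, describe and verify_attempts are made up for this illustration.

```python
# Added example: decode the APDUs in reset.txt (script copied from the post above).
# INS and P2 meanings are from ISO 7816-4 and the OpenPGP card specification.
RESET_TXT = """/hex
scd reset
scd serialno undefined
scd apdu 00 A4 04 00 06 D2 76 00 01 24 01
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
scd reset
/echo card has been reset to factory defaults
"""
INS = {0xA4: "SELECT", 0x20: "VERIFY", 0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE"}
PIN_REF = {0x81: "PW1 (user PIN)", 0x83: "PW3 (admin PIN)"}

def parse_apdus(script):
    """Yield (ins, p2, data) per 'scd apdu' line; assumes short APDUs without Le."""
    for line in script.splitlines():
        words = line.split()
        if words[:2] == ["scd", "apdu"]:
            raw = bytes(int(w, 16) for w in words[2:])
            data = raw[5:5 + raw[4]] if len(raw) > 4 else b""
            yield raw[1], raw[3], data

def describe(script):
    """Return one readable line per command APDU."""
    out = []
    for ins, p2, data in parse_apdus(script):
        name = INS.get(ins, "INS %02X" % ins)
        if ins == 0x20:  # VERIFY: P2 selects the PIN, data is the PIN tried
            name += " %s with %r" % (PIN_REF.get(p2, "P2 %02X" % p2), data.decode("ascii"))
        elif ins == 0xA4:  # SELECT: data is the application identifier
            name += " AID " + data.hex().upper()
        out.append(name)
    return out

def verify_attempts(script):
    """Count VERIFY commands per PIN; each wrong PIN uses up one retry."""
    refs = [PIN_REF.get(p2, hex(p2)) for ins, p2, _ in parse_apdus(script) if ins == 0x20]
    return {ref: refs.count(ref) for ref in refs}

if __name__ == "__main__":
    print("\n".join(describe(RESET_TXT)), verify_attempts(RESET_TXT), sep="\n")
```

The script sends four VERIFY attempts per PIN with the dummy value @@@@@@@@, one more than the retry counter of 3 shown earlier in the thread, before it sends TERMINATE DF, the command that failed with 0x6982 in the first post.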

Hi,

Thanks for the new key.
I did this as described below, all commands also returned some kind of
OK status, but unfortunately the key is still not usable. If I want to
do a factory-reset, it returns an error with “wrong pin” without even
asking for a PIN…

Kind regards,
Uli

Hi,

It seems that you are right. I tried again with a downgraded device. I didn’t get it working again. I am not sure why it worked for me before :thinking:

Thank you a lot for testing and please remember to upgrade the firmware on your new device before using factory-reset on a blocked device…

Kind regards
Alex