Reset admin pin


#1

How do I reset the admin pin on a NK Storage with Ubuntu 17.04?
Please in NOOB language…
I tried: Reset device: “gpg2 --card-edit” -> “admin” -> "factory-reset"
Which first gave me a checksum error;
on next try I got: “gpg: OpenPGP card not available: Not supported”


#2

What should I do?

~$ gpg --card-edit`

Reader ...........: 20A0:4109:0000000000000:0
Application ID ...: D2760001240102010005000034120000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 00003412
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> factory-reset
gpg: OpenPGP card no. D2760001240102010005000034120000 detected

gpg: Note: This command destroys all keys stored on the card!

Continue? (y/N) y
Really do a factory reset? (enter "yes") yes
sending card command SELECT AID failed: Checksum error

#3

Hi Eric,

of course, this should work under normal circumstances. I don’t know what is happening here, but I do know, that there were some changes in the way GnuPG handles factory-reset recently, as the developers found some problems. As you have an older version of GnuPG on your system, I would recommend to use Option 4 of the proposed variants to reset the Nitrokey shown here.

Please let us know how it turned out.

Kind regards
Alex


#4

Hi Alex, thanks for reaching out. Option 4 was the first one I tried.
But I just done it again. And although my terminal screen tells me that it is factory reset, trying to change the admin pin gives me zero tries.


#5

I am afraid, that the console output is ambigous… Actually it didn’t get reset. Every command fails (ERR). It seems like your device is not recognized correctly. Please do as follows:

  • close Nitrokey App (shouldn’t be a problem, but to be sure)
  • unplug Nitrokey
  • type ‘pkill gpg-agent && pkill scdaemon’ # gpg-agent and scdaemon are the programs at use to do the factory-reset and may are blocked or alike
  • plug in the Nitrokey
  • try to repeat the factory-reset above

I hope this will do the trick, because I guess scdaemon is just broke. In general a reboot and the two last points should do the same if this is easier for you!

Kind regards
Alex


#6

This time it seems to work…
I changed the admin pin first and then the user pin.
Then I could correctly initialize the NK
I let the NK run but halfway the proces I got a message that the NK was disconnected and shortly after that a message window:

“Device is detected but could not be connected. Please reinsert it.”

Though I did not touch it. Then a blue info message again that the NK was connected again.
All the time the red light of the NK was either on o blinking. Then I go a new message window:

“Critical error encountered. Please restart application. Message: Maximum receiving_entry_counter count reached for receiving response from the device!”

After that the red light kept on or blinking, and the NK App does not show the NK. And a message window:

“Could not clear SD card. Status code: -1”

Also the NK App crashed on my Ubuntu system, asking to send an error report and to restart.
NK red light burning, App crashed but after restart does not see NK. Gets a bit warm.

After a restart of the App en reconnect of the NK it finally showed me the progress bar. And after a long time - of which you warned of, it was ready.
For now I have to study what else I have to do to work with it.

Can I ask what the default password is for updating the software?
Thanks and thanks for your help.
Not disappointed in my expectations of Deutsche Gründlichkeit. :wink: