Hi.
I recently purchased few Nitrokey Starts and I’ve been trying to take them into use. I provisioned the first token with ECC certs successfully but I noticed that I was unable to change the reset password for the token. I can change the user and the admin password but for some reason changing the reset password fails every time. It failed with the provisioned token and it failed with unprovisioned token that I had done nothing else except taken it from the bag.
“”""
[ MBP ~ ] $ gpg2 --version
gpg (GnuPG/MacGPG2) 2.2.3
libgcrypt 1.8.1
[ MBP ~ ] $ gpg2 --card-status
Reader …: Nitrokey Nitrokey Start
Application ID …: D276000124010200FFFE671127420000
Version …: 2.0
Manufacturer …: unmanaged S/N range
Serial number …: 67112742
Name of cardholder: [not set]
Language prefs …: [not set]
Sex …: unspecified
URL of public key : [not set]
Login data …: [not set]
Signature PIN …: forced
Key attributes …: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key …: [none]
Encryption key…: [none]
Authentication key: [none]
General key info…: [none]
gpg/card> admin
Admin commands are allowed
gpg/card> passwd
gpg: OpenPGP card no. D276000124010200FFFE671127420000 detected
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? 4
Error setting the Reset Code: Card error
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection?
“”""
I’ve tried short passwords, long passwords, short and long number only PINs but nothing seems to work and I am unable to set the reset code. So what am I missing here?
I’ve tried this with both Linux and OSX and I get same errors. I even tried the firmware upgrade instructions but those fail with USB errors despite having the required usb python libraries installed
I think it would help, if I’d knew the firmware version of your NK Start. I could try it myself then. Unfortunately the ‘gpg --card-status’ output does not always state the specific version.