Unable to generate onboard keys with Nitrokey Start

I use GPG2 to generate onboard keys, but this fails after some time with a Bad PIN error:

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

gpg: NOTE: keys are already stored on the card!

Replace existing keys? (y/N) y
What keysize do you want for the Signature key? (2048)
What keysize do you want for the Encryption key? (2048)
What keysize do you want for the Authentication key? (2048)
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: XYZCorp
Email address: xxx@yyyyyy.zz
Comment:
You selected this USER-ID:
"XYZCorp <xxx@yyyyyy.zz>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

At this point the software seems idle, with an opensc process taking about 2% CPU for ~30 seconds, and the following errors are printed:

gpg: signing failed: Bad PIN
gpg: make_keysig_packet failed: Bad PIN
Key generation failed: Bad PIN

Hi!
Please provide:

  • Operating system name and version,
  • GnuPG version and
  • Start’s device status / firmware version,

e.g. with following commands:

gpg --version
gpg --card-status

gpg is version 2.0.26

Application ID ...: D276000124010200FFFE671114430000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 67111443
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

Meanwhile I tried resetting the card on Windows using the exe file, and the output doesn't look good, with "Security condition not satisfied" error statuses:

.\CryptoStickReset.exe

CryptoStickReset by Dr. P. Koch (www.smartcard-auth.de), compiled at 29.5.2016 21:21:06

Reader: AKS ifdh 0, empty reader
Reader: AKS ifdh 1, empty reader
Reader: AKS ifdh 2, empty reader
Reader: AKS VR 0, empty reader
Reader: Nitrokey Nitrokey Start 0, found card

Using Smart Card / Stick in PC/SC Reader ‘Nitrokey Nitrokey Start 0’

Selecting OpenPGP-AID: OK
Reading Serial number: V2.0, 67111443

This programm will delete all data on your Stick / OpenPGP-Card
Please type ‘yes - delete all’ to continue: yes - delete all

RetryCounter: User=3 Admin=3, verify User-PIN with 123456: SW=9000
RetryCounter: User=3 Admin=3, verify User-PIN with 223456: SW=6982
RetryCounter: User=3 Admin=3, verify User-PIN with 223456: SW=6982
RetryCounter: User=0 Admin=3, verify Admin-PIN with 22345678: SW=6982
RetryCounter: User=0 Admin=0, card / stick is now unusable

Terminate Card: OK
Activate Card: SW=6A88

Verify User-PIN with 123456: SW=6285
Verify Admin-PIN with 12345678: SW=6285

Finished - press RETURN to exit

=> stick is now unusable!!!
This is a bit scary.

Also, the device firmware version is unknown to me, but I just bought the key 2 days ago; I assume it must be the latest available.

Hello,

Is this an output of CryptoStickReset or your perception? If the latter: what do you mean exactly when saying "unusable"?

What made you think that CryptoStickReset.exe is meant to be used with a Nitrokey Start? In our FAQ we recommend this for Nitrokey Pro and Storage… To be honest I don't know whether this works as intended on a Nitrokey Start, as the hardware is different. But let's see…

What is “gpg --card-status” saying now? Is the Stick recognized by your system?

For the firmware of your device: it seems that your paste of --card-status above is missing the first line, which states the "Reader:". The firmware version is shown there :wink: So please provide this information if possible.

Kind regards
Alex

My fault. Ubuntu's gnupg does not give you that information either. I don't know why :thinking: Older version?

Hi!
I think @_l_o_u meant the message after using up all of user and admin PIN retries:

@_l_o_u I agree this message is not intuitive for users not used to it. This reset method is based on using up all PIN retries (hence the unusability) and then running terminate/activate commands. However, it looks like this was not the right method. According to the result code SW=6285 (OpenPGP v2.0 specification, page 51):

the 'smartcard'/device is still in the terminated state while verifying PINs after the reset. This means that before running the proper reset commands it cannot be used (for most commands the answer will be 6285).
Nitrokey Start / GNUK has a slightly different command sequence during the factory reset. I believe there should be one more command (select) after terminate and before activate (activate complains about it with 6A88).
It had the correct PIN and was in a working state before using the reset application (SW=9000 means success in the first RetryCounter test).

The mentioned GPG version (2.0.26) is quite old, and this line will not be supported beyond this December. What's more, the factory reset procedure has changed since this version, and an update is needed to do it correctly. The latest GPG version is 2.2.3.

  • Could you please update GPG to the latest version and run the factory-reset command from there?
  • Unfortunately the device's version number is not shown in the pasted gpg --card-status output. Perhaps it will be in the output of the latest GPG; could you paste it once again?
  • Could you write what your Windows version is?
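To make the CryptoStickReset transcript above readable without the spec open, here is a small decoder, added as an example and not part of the thread or of Nitrokey's or Dr. Koch's tooling. It parses the "RetryCounter: ... SW=XXXX" lines, maps each status word to its ISO 7816-4 / OpenPGP card meaning, notes when both retry counters reach 0, and reports whether the card was left in the termination state (TERMINATE DF sent, ACTIVATE FILE not answered with 9000). The sample transcript is a copy of the one pasted earlier in the thread; the status-word table only covers the codes that occur in it.

```python
import re

# Status words as defined in ISO 7816-4 and the OpenPGP card 2.0 specification.
# Only the codes that appear in the CryptoStickReset transcript are listed;
# anything else is reported as unknown.
SW_MEANING = {
    "9000": "success",
    "6982": "security status not satisfied (PIN wrong or not verified)",
    "6285": "selected file in termination state (card terminated, not yet activated)",
    "6A88": "referenced data not found",
}

# "RetryCounter: User=3 Admin=3, ..." prefix printed before each PIN attempt.
COUNTER_RE = re.compile(r"^RetryCounter: User=(?P<user>\d+) Admin=(?P<admin>\d+)")
# "<step>: SW=XXXX" for every APDU the tool reports a status word for.
STEP_RE = re.compile(r"^(?P<step>.+?):\s*SW=(?P<sw>[0-9A-Fa-f]{4})$")


def decode_sw(sw):
    """Map a 4-hex-digit status word to a human-readable meaning."""
    return SW_MEANING.get(sw.upper(), "unknown status word")


def analyze_reset_log(text):
    """Parse a CryptoStickReset transcript and explain what happened to the card.

    Returns a dict with:
      steps       - list of (step, sw, meaning) in transcript order
      blocked     - True once both PIN retry counters reached 0
      terminated  - True if "Terminate Card: OK" was seen and "Activate Card"
                    did not return 9000 (card stays in termination state)
      activate_sw - status word returned by "Activate Card", or None
    """
    findings = {"steps": [], "blocked": False, "terminated": False, "activate_sw": None}
    terminate_sent = False
    for raw in text.splitlines():
        line = raw.strip()
        rest = line
        c = COUNTER_RE.match(line)
        if c:
            # Counters are printed *before* the attempt on that line.
            if int(c["user"]) == 0 and int(c["admin"]) == 0:
                findings["blocked"] = True
            rest = line[c.end():].lstrip(", ")
        if rest.startswith("Terminate Card:") and rest.endswith("OK"):
            terminate_sent = True
            continue
        m = STEP_RE.match(rest)
        if not m:
            continue
        sw = m["sw"].upper()
        step = m["step"]
        findings["steps"].append((step, sw, decode_sw(sw)))
        if step.startswith("Activate Card"):
            findings["activate_sw"] = sw
    # A terminated card that was never successfully activated answers 6285
    # to every later VERIFY, which is exactly what the transcript shows.
    findings["terminated"] = terminate_sent and findings["activate_sw"] != "9000"
    return findings


# Constructed sample: the transcript posted earlier in this thread.
SAMPLE_LOG = """\
RetryCounter: User=3 Admin=3, verify User-PIN with 123456: SW=9000
RetryCounter: User=3 Admin=3, verify User-PIN with 223456: SW=6982
RetryCounter: User=3 Admin=3, verify User-PIN with 223456: SW=6982
RetryCounter: User=0 Admin=3, verify Admin-PIN with 22345678: SW=6982
RetryCounter: User=0 Admin=0, card / stick is now unusable

Terminate Card: OK
Activate Card: SW=6A88

Verify User-PIN with 123456: SW=6285
Verify Admin-PIN with 12345678: SW=6285
"""

if __name__ == "__main__":
    result = analyze_reset_log(SAMPLE_LOG)
    for step, sw, meaning in result["steps"]:
        print(f"{sw}  {step:38s} {meaning}")
    print("blocked:", result["blocked"], " terminated:", result["terminated"])
```

Run on the pasted transcript it reports blocked=True and terminated=True, which is the state the reply above describes: the PINs were exhausted, TERMINATE DF succeeded, ACTIVATE FILE failed with 6A88, and the card now answers 6285 to every VERIFY.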

All,
Thanks for the feedback. You are right, the unusable warning is in the log, and it sounds scary to me but sort of makes sense in the context of invalidating all CHVs.
Anyway, I managed to rebuild gpg2 in version 2.2.3 on my box and run it. The factory-reset log is as follows:

 $ gpg --card-edit

Reader ...........: 20A0:4211:FSIJ-1.2.3-67111443:0
Application ID ...: D276000124010200FFFE671114430000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 67111443
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> factory-reset
gpg: OpenPGP card no. D276000124010200FFFE671114430000 detected

gpg: Note: This command destroys all keys stored on the card!

Continue? (y/N) y
Really do a factory reset? (enter "yes") yes
sending card command dummy select  failed: Conflicting use

As you can see there is still an error. The generate command also fails.

OK! The firmware version you have is 1.2.3. Could you tell me which OS you are running at the moment?
@nitroalex: I believe you have been working with this recently. Any ideas?

As there are issues in older firmware, especially regarding the factory-reset procedure, I would be pleased if you could indeed upgrade the firmware first. You can find the instructions here. (I am sorry that the older firmware is still on newly bought NK Starts; the error was found recently.)

But to be honest I don't think that this is the point here. Nevertheless, maybe upgrading the firmware does the trick by overriding stuff… And then I don't have to be afraid every time you try factory-reset :wink:

Please try not to block your device (PIN typed in wrong three times). You cannot factory-reset if it is blocked and you have no reset code set.
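A preflight check for the advice in this post, added here as an example and not part of the thread or of Nitrokey's tooling: it parses `gpg --card-status` output, pulls the Gnuk firmware version out of the Reader line (which only newer GnuPG prints; the 2.0.26 output earlier in the thread lacks it), reads the three PIN retry counters (user PIN, reset code, admin PIN, in the order GnuPG prints them), checks which key slots are filled, and warns before you run factory-reset or generate. The two sample outputs are constructed from the ones pasted in this thread. The 1.2.6 firmware threshold is only an assumed example cutoff (the version the poster later upgraded to); pass your own `min_firmware`.

```python
import re

# "Reader ...........: 20A0:4211:FSIJ-1.2.3-67111443:0" (Gnuk embeds its version).
READER_RE = re.compile(r"^Reader\s*[.…]*:\s*(?P<reader>.+)$")
FSIJ_RE = re.compile(r"FSIJ-(?P<ver>\d+\.\d+\.\d+)")
# "PIN retry counter : 3 3 3" -> user PIN, reset code, admin PIN (GnuPG's order).
RETRY_RE = re.compile(r"^PIN retry counter\s*:\s*(?P<u>\d+)\s+(?P<rc>\d+)\s+(?P<a>\d+)")
# "Signature key ....: [none]" / "Encryption key....: <fingerprint>"
KEY_RE = re.compile(r"^(?P<slot>Signature|Encryption|Authentication) key\s*[.…]*:\s*(?P<val>.+)$")


def parse_card_status(text):
    """Extract reader string, firmware tuple, retry counters and key slots."""
    info = {"reader": None, "firmware": None, "retry": None, "keys": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = READER_RE.match(line)
        if m:
            info["reader"] = m["reader"].strip()
            f = FSIJ_RE.search(info["reader"])
            if f:
                info["firmware"] = tuple(int(x) for x in f["ver"].split("."))
            continue
        m = RETRY_RE.match(line)
        if m:
            info["retry"] = (int(m["u"]), int(m["rc"]), int(m["a"]))
            continue
        m = KEY_RE.match(line)
        if m:
            val = m["val"].strip()
            info["keys"][m["slot"].lower()] = None if val == "[none]" else val
    return info


def preflight(info, min_firmware=(1, 2, 6)):
    """Return a list of warnings to read before factory-reset or generate.

    min_firmware is an assumed example cutoff, not a Nitrokey-published value.
    """
    warnings = []
    fw = info["firmware"]
    if fw is None:
        warnings.append("firmware version not visible; use a GnuPG that prints the Reader line")
    elif fw < min_firmware:
        warnings.append("firmware %s is older than %s; upgrade before factory-reset"
                        % (".".join(map(str, fw)), ".".join(map(str, min_firmware))))
    if info["retry"] is None:
        warnings.append("no PIN retry counter line found")
    else:
        user, reset_code, admin = info["retry"]
        if user == 0 or admin == 0:
            msg = "PIN blocked (retry counter 0); factory-reset needs a reset code"
            if reset_code == 0:
                msg += " and the reset code counter is 0 as well"
            warnings.append(msg)
    if any(v is not None for v in info["keys"].values()):
        warnings.append("card already holds keys; generate will ask to replace them")
    return warnings


# Constructed samples, trimmed from the outputs pasted in this thread.
OLD_GPG_STATUS = """\
Application ID ...: D276000124010200FFFE671114430000
Version ..........: 2.0
PIN retry counter : 3 3 3
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
"""

NEW_GPG_STATUS = """\
Reader ...........: 20A0:4211:FSIJ-1.2.3-67111443:0
Application ID ...: D276000124010200FFFE671114430000
Version ..........: 2.0
Key attributes ...: rsa2048 rsa2048 rsa2048
PIN retry counter : 3 3 3
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
"""

if __name__ == "__main__":
    for name, status in (("gpg 2.0.26", OLD_GPG_STATUS), ("gpg 2.2.3", NEW_GPG_STATUS)):
        info = parse_card_status(status)
        print(name, "firmware:", info["firmware"], "retry:", info["retry"])
        for w in preflight(info):
            print("  WARNING:", w)
```

In practice you would feed it `subprocess.run(["gpg", "--card-status"], capture_output=True, text=True).stdout`; the parser is kept separate so it can be exercised offline on saved output.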

Okay, I’m going to try reflashing.
I run Debian Jessie (up to date), on x86_64.

Quick update: I was able to upgrade the firmware, which is now 1.2.6.

Following this I tried the factory-reset but this fails with
sending card command dummy select failed: Conflicting use

I suspect that there might be an interference with some smartcard-related daemon on my box, although I can’t really tell for sure.

However, I tried generating keys again, and this succeeded for the first time. I now have the 3 keys (as opposed to only one earlier on). I am now able to encrypt, decrypt and sign. Factory-reset still fails, but it seems I can renew the onboard keys by running generate again (killing gpg-agent in the process seems to help here).


The "Conflicting use" message indeed indicates that there are different programs/daemons trying to access the card. This can have different reasons. Trying factory-reset can cause some hangs as well (best practice: unplug the key after factory-reset and try 'pkill gpg-agent' afterwards before invoking new commands). "Normal", everyday use should not cause such trouble.

Factory-reset should work fine though :thinking: Do you want us to investigate further, or are you happy that you can just override and don't care anyway?

Alex,
Thanks for the support. As of now, I guess I’m fine. I’m able to sign / encrypt and authenticate, so basically I’m a happy camper.
I will continue to dig. I'm seeing different things on different machines, but for the most part all is good, and if I'm not able to factory-reset the card I can at least overwrite the keys with new ones. I need to clear my mind around opensc, openct and gpg, and everything in the middle.
Anyway, great support, thanks a lot!
