can not change openpgp password #32

Closed
opened 2025-04-22 08:38:05 +08:00 by CGsama · 6 comments
CGsama commented 2025-04-22 08:38:05 +08:00 (Migrated from github.com)

pico_openpgp_pico2-3.6-eddsa1

Neither the PIN nor the admin PIN can be changed. It works on Pico W but not on Pico 2.

Error changing the PIN: Card error

CGsama commented 2025-04-22 10:22:49 +08:00 (Migrated from github.com)

Maybe related to #27?

polhenarejos commented 2025-04-22 15:02:21 +08:00 (Migrated from github.com)

Did you nuke it first?

CGsama commented 2025-04-22 15:14:18 +08:00 (Migrated from github.com)

> Did you nuke it first?

I tried on two brand-new boards; let me try nuke.

CGsama commented 2025-04-22 15:18:36 +08:00 (Migrated from github.com)

Tried with pico_nuke_pico2-1.4.uf2, not working; still can't change the PIN.

ViZiD commented 2025-05-12 00:13:25 +08:00 (Migrated from github.com)

I have the same problem, and have had it for quite some time, since about version 2.2.
I don't use gpg to change the password; instead I use openpgp-card-tools (https://codeberg.org/openpgp-card/openpgp-card-tools), and it changes the PIN perfectly there.
I experimented a bit and found out that if you set the reset pin first, then the user PIN and admin PIN will change fine after that:

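```sh
#!/usr/bin/env bash

# Current PINs on the card (the OpenPGP card defaults)
ADMIN_PASS="12345678"
PIN_PASS="123456"

# passwd menu: 1 = change PIN, 3 = change Admin PIN.
# Each choice is followed by the current PIN and the new PIN twice.
function change_user_and_admin_pin {
	gpg --command-fd=0 --pinentry-mode=loopback --edit-card <<EOF
admin
passwd
1
$PIN_PASS
654321
654321
3
$ADMIN_PASS
87654321
87654321
q
q
EOF
}

# passwd menu: 4 = set the Reset Code (authorised with the Admin PIN).
function change_reset_pin {
	gpg --command-fd=0 --pinentry-mode=loopback --edit-card <<EOF
admin
passwd
4
$ADMIN_PASS
87654321
87654321
q
q
EOF
}

# First attempt: both changes fail with "Card error"
change_user_and_admin_pin
# Set the Reset Code
change_reset_pin
# Second attempt: both changes succeed
change_user_and_admin_pin
```

After that you can see that the user PIN and admin PIN have been successfully changed.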

Reader ...........: Yubico YubiKey CCID [Pico Key HID Interface] (A9B20E0FC513E195) 00 00
Application ID ...: D276000124010304FFFEA9B20E0F0000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: unmanaged S/N range
Serial number ....: A9B20E0F
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

Admin commands are allowed

gpg: OpenPGP card no. D276000124010304FFFEA9B20E0F0000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Error changing the PIN: Card error

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Error changing the PIN: Card error

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Reader ...........: Yubico YubiKey CCID [Pico Key HID Interface] (A9B20E0FC513E195) 00 00
Application ID ...: D276000124010304FFFEA9B20E0F0000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: unmanaged S/N range
Serial number ....: A9B20E0F
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

Admin commands are allowed

gpg: OpenPGP card no. D276000124010304FFFEA9B20E0F0000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Reset Code set.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

Reader ...........: Yubico YubiKey CCID [Pico Key HID Interface] (A9B20E0FC513E195) 00 00
Application ID ...: D276000124010304FFFEA9B20E0F0000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: unmanaged S/N range
Serial number ....: A9B20E0F
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

Admin commands are allowed

gpg: OpenPGP card no. D276000124010304FFFEA9B20E0F0000 detected

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit

PIN changed.

1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
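
An added guard for scripted runs like the one above (not part of the original comment or of pico-openpgp): a non-interactive `passwd` run submits the current PINs without a prompt, so this checks the `PIN retry counter` line of `gpg --card-status` before each attempt. The function names and the threshold of 3 are assumptions, and the sample status text is constructed.

```shell
#!/usr/bin/env bash

# Constructed sample input, shaped like the status lines shown in the thread.
SAMPLE_STATUS='Application type .: OpenPGP
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0'

# Read card status text on stdin and print the three retry counters
# (user PIN, Reset Code, Admin PIN). Exit status 1 if the line is absent.
retry_counters() {
    awk -F: '
        /^PIN retry counter/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2)
            print $2
            found = 1
            exit
        }
        END { if (!found) exit 1 }'
}

# Read card status text on stdin.
# Returns 0 if the user and Admin PIN counters are both >= $1 (default 3),
# 1 if either is lower, 2 if the counters cannot be parsed.
safe_to_change_pins() {
    min="${1:-3}"
    line="$(retry_counters)" || return 2
    # Intentional word splitting: $1 = user, $2 = reset, $3 = admin
    set -- $line
    [ "$#" -eq 3 ] || return 2
    for n in "$1" "$3"; do
        case "$n" in
            '' | *[!0-9]*) return 2 ;;
        esac
    done
    [ "$1" -ge "$min" ] && [ "$3" -ge "$min" ]
}

# Intended use before each scripted passwd run (hypothetical wrapper):
#   gpg --card-status | safe_to_change_pins 3 || { echo "refusing" >&2; exit 1; }
```
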

polhenarejos commented 2025-05-12 17:17:20 +08:00 (Migrated from github.com)

It was a problem of the order of loading DEK and PIN check.


Reference: dearsky/pico-openpgp#32