Nitrokey / opcard-rs

OpenPGP card implementation

PIN retry counter locked during testing git signing #153

Closed APN-Pucky closed 1 year ago

APN-Pucky commented 1 year ago

I followed this guide to get my keys on the Nitrokey 3 (v1.4.0-rc.1): https://wiki.gentoo.org/wiki/Project:Infrastructure/Nitrokey_Pro_2_guide_for_Gentoo_developers I set the PIN and Admin PIN to 12345678 and wanted to sign git commits with it. During the commit I got prompted for the Admin PIN, but my (correct) PIN was not accepted, so I quickly ran into the PIN retry counter.

I decided to run gpg-connect-agent < reset.txt with the following reset.txt (from this thread https://lists.gnupg.org/pipermail/gnupg-users/2015-February/052376.html)

/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 44 00 00
scd apdu 00 e6 00 00
/echo card has been reset to factory defaults

results in the key no longer being detected by gpg --card-status. I now know factory-reset would have probably been safer, but is there a way to reset the (whole) key?

Cheers APN

robin-nitrokey commented 1 year ago

Factory reset is a two-step process in the OpenPGP card protocol: first you have to terminate the card, then activate it again. The script you executed first tries to activate the card (which is a no-op if the card has not been terminated), and then terminates it. This means that the card is stuck in the termination state. In this state, the card does not allow any commands except activation. If you had swapped the last two APDUs, the command should have worked.

You should be able to fix this by running the following steps with gpg-connect-agent. (Make sure that there is no other smartcard device connected to your machine before running this!)

/hex
scd serialno undefined
scd apdu 00 a4 04 00 06 d2 76 00 01 24 01
scd apdu 00 44 00 00
/bye

The last APDU may take a few seconds to execute. You may have to restart scdaemon after this (or just re-connect the device).
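The following simulation, added here as an illustration and not part of opcard-rs or the reply above, models the terminate/activate life cycle the comment describes: VERIFY (INS 20) decrements a retry counter on a wrong PIN, TERMINATE DF (INS e6) is accepted once the admin PIN is blocked, and a terminated card answers every command except ACTIVATE FILE (INS 44) with an error. It parses the two gpg-connect-agent scripts from this thread (copied into the code as constructed input) and replays them against the model, and it includes a static check that flags a script whose last TERMINATE comes after its last ACTIVATE. The retry count of 3, the default PINs, the status word 6285 for commands sent to a terminated card, and the TERMINATE precondition (PW3 counter at zero or PW3 verified) are modelling assumptions, not measured behaviour of the Nitrokey 3.

```python
"""Model of the OpenPGP card terminate/activate life cycle (added example, not opcard-rs code).

Assumptions: 3 retries per PIN, default PINs 123456 / 12345678, TERMINATE DF allowed when
PW3 is blocked or verified, and SW 6285 for any non-ACTIVATE command while terminated.
"""
from dataclasses import dataclass, field

# ISO 7816-4 / OpenPGP card status words used by the model
SW_OK = 0x9000
SW_PIN_BLOCKED = 0x6983            # authentication method blocked
SW_COND_NOT_SATISFIED = 0x6985     # conditions of use not satisfied
SW_TERMINATED = 0x6285             # file in termination state (assumed reply while terminated)
SW_INS_NOT_SUPPORTED = 0x6D00

INS_VERIFY, INS_SELECT, INS_ACTIVATE_FILE, INS_TERMINATE_DF = 0x20, 0xA4, 0x44, 0xE6
PW1, PW3 = 0x81, 0x83              # P2 values selecting the user PIN and the admin PIN
MAX_RETRIES = 3                    # assumed default retry counter

# Constructed copies of the two gpg-connect-agent scripts posted in the thread.
ISSUE_SCRIPT = ["/hex", "scd serialno"] \
    + ["scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40"] * 4 \
    + ["scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40"] * 4 \
    + ["scd apdu 00 44 00 00", "scd apdu 00 e6 00 00",
       "/echo card has been reset to factory defaults"]
FIX_SCRIPT = ["/hex", "scd serialno undefined",
              "scd apdu 00 a4 04 00 06 d2 76 00 01 24 01",
              "scd apdu 00 44 00 00", "/bye"]


def parse_apdu(line):
    """Parse one 'scd apdu ...' line into (CLA, INS, P1, P2, data); None for other lines."""
    tokens = line.split()
    if tokens[:2] != ["scd", "apdu"]:
        return None
    raw = bytes(int(t, 16) for t in tokens[2:])
    cla, ins, p1, p2 = raw[:4]
    data = raw[5:5 + raw[4]] if len(raw) > 4 else b""   # raw[4] is Lc when present
    return cla, ins, p1, p2, data


@dataclass
class SimCard:
    pw1: bytes = b"123456"
    pw3: bytes = b"12345678"
    retries: dict = field(default_factory=lambda: {PW1: MAX_RETRIES, PW3: MAX_RETRIES})
    pw3_verified: bool = False
    terminated: bool = False

    def _factory_reset(self):
        fresh = SimCard()
        self.pw1, self.pw3, self.retries = fresh.pw1, fresh.pw3, fresh.retries
        self.pw3_verified, self.terminated = False, False

    def _verify(self, pw_ref, pin):
        if self.retries[pw_ref] == 0:
            return SW_PIN_BLOCKED
        if pin == (self.pw1 if pw_ref == PW1 else self.pw3):
            self.pw3_verified |= pw_ref == PW3
            return SW_OK
        self.retries[pw_ref] -= 1
        return 0x63C0 | self.retries[pw_ref]   # wrong PIN, remaining tries in the low nibble

    def transmit(self, apdu):
        cla, ins, p1, p2, data = apdu
        if self.terminated and ins != INS_ACTIVATE_FILE:
            return SW_TERMINATED               # only ACTIVATE FILE is accepted once terminated
        if ins == INS_SELECT:
            return SW_OK
        if ins == INS_VERIFY:
            return self._verify(p2, data)
        if ins == INS_ACTIVATE_FILE:
            if self.terminated:
                self._factory_reset()          # re-initialise with default PINs and counters
            return SW_OK                       # no-op on an operational card
        if ins == INS_TERMINATE_DF:
            if self.retries[PW3] == 0 or self.pw3_verified:
                self.terminated = True
                return SW_OK
            return SW_COND_NOT_SATISFIED
        return SW_INS_NOT_SUPPORTED


def run_script(card, lines):
    """Send each APDU line of a script to the card; return [(line, status word), ...]."""
    results = []
    for line in lines:
        apdu = parse_apdu(line)
        if apdu is not None:
            results.append((line, card.transmit(apdu)))
    return results


def leaves_card_terminated(lines):
    """Static check: the script's last TERMINATE DF comes after its last ACTIVATE FILE."""
    last = {INS_ACTIVATE_FILE: -1, INS_TERMINATE_DF: -1}
    for i, line in enumerate(lines):
        apdu = parse_apdu(line)
        if apdu and apdu[1] in last:
            last[apdu[1]] = i
    return last[INS_TERMINATE_DF] > last[INS_ACTIVATE_FILE]


def run_issue_script():
    card = SimCard()
    return card, run_script(card, ISSUE_SCRIPT)


def run_fix_script(card):
    return card, run_script(card, FIX_SCRIPT)


if __name__ == "__main__":
    card, res = run_issue_script()
    for line, sw in res:
        print(f"{sw:04X}  {line}")
    print("terminated after issue script:", card.terminated)
    print("issue script leaves card terminated:", leaves_card_terminated(ISSUE_SCRIPT))
    card, res = run_fix_script(card)
    for line, sw in res:
        print(f"{sw:04X}  {line}")
    print("terminated after fix script:", card.terminated, "| PW3 retries:", card.retries[PW3])
```

Running it shows the replay of the original reset.txt ending with TERMINATE DF accepted (the ACTIVATE before it was a no-op), every later command answered with 6285 until the fix script's ACTIVATE FILE re-initialises the counters. The leaves_card_terminated check is the kind of lint worth running over any APDU script before sending it to a real card.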

APN-Pucky commented 1 year ago

Thanks, that fixed it!