List:       gnupg-users
Subject:    Re: Did I just fry my smartcard?
From:       Grant Olson <kgo () grant-olson ! net>
Date:       2011-01-31 4:26:14
Message-ID: 4D4639E6.4040009 () grant-olson ! net

On 01/30/2011 11:18 AM, Grant Olson wrote:
>
> 
> With those options enabled, I tried issuing the reset codes.  First time
> it complained because no card was inserted.  Second time it complained
> because it couldn't find a supported application on the card.  I'm not
> sure if that message is normal when the card is in admin-lockout mode,
> or if it indicates there are more serious problems with the card.
> 
> grant@johnyaya:~$ gpg-connect-agent
>> scd apdu 00 e6 00 00
> ERR 100663406 Card removed <SCD>
>> scd apdu 00 44 00 00
> ERR 100663406 Card removed <SCD>
>> scd serialno
> ERR 100663351 Invalid value <SCD>
>> scd apdu 00 e6 00 00
> ERR 100663351 Invalid value <SCD>
>> scd apdu 00 44 00 00
> ERR 100663351 Invalid value <SCD>
>>
> 
> 

...

Okay, I solved the problem.  I'm just describing what I did for the sake
of the archives and future generations...

Numerous attempts to get the serial number of the card or issue reset
commands via gpg-connect-agent failed, on different computers, different
OSes, etc.

I downloaded the Debian package pcsc-tools.  Surprisingly, the command
'pcsc_scan' picked up on the fact that I had an OpenPGP card right away,
despite gpg-agent and gpg2 --card-status failures to recognize the card.

From there I tried the APDU reset commands via the tool 'gscriptor',
also included with 'pcsc-tools':

00 e6 00 00
00 44 00 00

Still nothing.

From the OpenPGP Card 2.0 spec, it seemed there were two commands I
could issue after TERMINATE DF (00 e6 00 00).  One was ACTIVATE FILE (00
44 00 00) which I've been trying repeatedly.  The other was SELECT FILE
(00 A4 04 00 06 D2 76 00 01 24 01 00).  So I tried that.

BAM!  It worked.  At some point yesterday I also tried to send SELECT
FILE via gpg-connect-agent, and I know that didn't work.

Not sure why gscriptor seemed to work better than gpg-connect-agent and
'scd apdu', but all's well that ends well.  The only obvious difference
is that I could just tell gscriptor to turn on the card, without having
to issue something like a serialno command to spin it up.

-Grant
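
The three APDUs from the message above, decoded field by field. This is an added example, not part of the original post or of GnuPG; it handles short-form ISO 7816-4 command APDUs only, and the function and field names are hypothetical.

```python
# Added example: decode short-form ISO 7816-4 command APDUs.
# Function and field names are hypothetical, chosen for this illustration.

# Instruction names as used in the message above.
INS_NAMES = {0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE", 0xA4: "SELECT FILE"}
# Application identifier bytes carried by the SELECT FILE command in the message.
OPENPGP_AID = bytes.fromhex("D27600012401")


def parse_apdu(text):
    """Split a hex command APDU into header, data field and Le."""
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("need at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                      # case 2: header + Le
        le = body[0] or 256                 # Le of 00 means 256 bytes
    elif len(body) > 1:
        lc, rest = body[0], body[1:]
        if lc == 0:
            raise ValueError("extended-length APDU not handled here")
        if len(rest) == lc:                 # case 3: header + Lc + data
            data = rest
        elif len(rest) == lc + 1:           # case 4: header + Lc + data + Le
            data, le = rest[:lc], rest[lc] or 256
        else:
            raise ValueError(f"Lc={lc} but {len(rest)} bytes follow")
    return {
        "cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le,
        "name": INS_NAMES.get(ins, "unknown"),
        # P1=04 on SELECT means "select by DF name", i.e. by AID.
        "selects_openpgp": ins == 0xA4 and p1 == 0x04
                           and data.startswith(OPENPGP_AID),
    }


if __name__ == "__main__":
    for line in ("00 e6 00 00", "00 44 00 00",
                 "00 A4 04 00 06 D2 76 00 01 24 01 00"):
        a = parse_apdu(line)
        print(f"{line:38} {a['name']:14} data={a['data'].hex() or '-'} "
              f"le={a['le']} selects_openpgp={a['selects_openpgp']}")
```

The first two commands are header-only (no data, no Le), while SELECT FILE carries a 6-byte data field holding the application identifier plus a trailing Le byte.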



