OpenPGP card: verify or set a PIN -> "Conditions of use not satisfied" (69 85)

Achim Pietig achim at pietig.com
Fri Aug 26 09:30:21 CEST 2011


Hi,

the error is strange and not easy to debug. An error code of 6985 never occurs in the VERIFY function of an OpenPGP card.
The error can only occur in the command CHANGE REFERENCE DATA or RESET RETRY COUNTER, when a new password is too short or too long.

The raw command is correct:
> 2011-08-25 21:49:08 scdaemon[11914] DBG:  raw apdu: 00 20 00 83 08 31 32 33 34 35 36 37 38

Hint:
It is necessary to select the OpenPGP application with the SELECT command and the correct AID before sending any commands.

Possible reasons for this error:
- The driver/reader changes bytes/bits of the APDU and the card does not receive what is shown in your debug.
- The card is damaged (internal pointer error that jumps into the wrong function).
- The card has a production/personalisation error.
- It is not an OpenPGP card.

Regards,
Achim


On 25.08.2011 23:11, Chris Boyle wrote:
> Hi, I'm not sure whether this is a GPG problem as such (and if not, I
> would appreciate a pointer to a suitable list), but I just received an
> OpenPGP v2 card today from Kernel Concepts and am encountering
> "Conditions of use not satisfied" when trying to verify or change
> either of the PINs. An example log, trying to verify the default admin
> PIN, is:
> 
> scdaemon[11914]: chan_7 -> INQUIRE NEEDPIN |A|Please enter the Admin PIN
> scdaemon[11914]: chan_7 <- [ 44 20 31 32 33 34 35 36 37 38 00 00 00 00 00 00 ...(76 byte(s) skipped) ]
> scdaemon[11914]: chan_7 <- END
> 2011-08-25 21:49:08 scdaemon[11914] DBG: send apdu: c=00 i=20 p1=00 p2=83 lc=8 le=-1 em=0
> 2011-08-25 21:49:08 scdaemon[11914] DBG:  raw apdu: 00 20 00 83 08 31 32 33 34 35 36 37 38
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver: PC_to_RDR_XfrBlock:
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   dwLength ..........: 13
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSlot .............: 0
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSeq ..............: 204
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bBWI ..............: 0x04
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   wLevelParameter ...: 0x0000
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0010]  00 20 00 83 08 31
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0016]  32 33 34 35 36 37 38
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver: RDR_to_PC_DataBlock:
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   dwLength ..........: 2
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSlot .............: 0
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bSeq ..............: 204
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   bStatus ...........: 0
> 2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0010]  69 85
> 2011-08-25 21:49:08 scdaemon[11914] DBG:  response: sw=6985  datalen=0
> 2011-08-25 21:49:08 scdaemon[11914] verify CHV3 failed: Conditions of use not satisfied
> scdaemon[11914]: chan_7 -> ERR 100663427 Conditions of use not satisfied <SCD>
> 
> The only discussions I could find of people seeing this error in this
> situation were where people had deny-admin set, which I don't.
> 
> The reader is a Vasco DP855 which I received new a few days ago. I
> have no other reader. I have tried the reset-to-factory-defaults file,
> which did not change my results.
> 
> Does anyone have any idea what might cause this response? I looked at
> the OpenPGP v2 spec and it just mentioned it as a possible error, not
> causes.
> 
> Thanks,
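
An added example, not part of either message and not GnuPG code: a small Python check that decodes the APDU from the scdaemon debug log in this thread and compares the bytes scdaemon built with the bytes its CCID driver logged as sent. The function name `analyse` and the result keys are assumptions made for this example, and the check only covers what the host logged, not what the reader actually delivered to the card.

```python
import re

# Constructed sample: the relevant log lines from the post, mail line-wraps undone.
LOG = """\
2011-08-25 21:49:08 scdaemon[11914] DBG:  raw apdu: 00 20 00 83 08 31 32 33 34 35 36 37 38
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver: PC_to_RDR_XfrBlock:
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0010]  00 20 00 83 08 31
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0016]  32 33 34 35 36 37 38
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver: RDR_to_PC_DataBlock:
2011-08-25 21:49:08 scdaemon[11914] DBG: ccid-driver:   [0010]  69 85
"""

# ISO 7816-4 instruction bytes for the commands named in the reply.
INS = {0x20: "VERIFY", 0x24: "CHANGE REFERENCE DATA",
       0x2C: "RESET RETRY COUNTER", 0xA4: "SELECT"}
# OpenPGP card password references carried in P2.
PW = {0x81: "PW1 (signing)", 0x82: "PW1 (other)", 0x83: "PW3 (admin)"}
HEX = r"((?:[0-9a-f]{2}\s*)+)$"


def analyse(log):
    """Cross-check the APDU scdaemon built against what its CCID driver logged."""
    raw, blocks, cur = None, {}, None
    for line in log.splitlines():
        if m := re.search(r"raw apdu: " + HEX, line):
            raw = bytes.fromhex(m.group(1))
        elif m := re.search(r"ccid-driver: (\w+):$", line):
            cur = m.group(1)          # start of a new CCID message dump
            blocks[cur] = b""
        elif cur and (m := re.search(r"\[\d{4}\]\s+" + HEX, line)):
            blocks[cur] += bytes.fromhex(m.group(1))
    cla, ins, p1, p2, lc = raw[:5]
    sw = blocks["RDR_to_PC_DataBlock"][-2:].hex()
    return {
        "command": INS.get(ins, f"INS {ins:02x}"),
        "password": PW.get(p2, f"P2 {p2:02x}"),
        "lc_matches_data": lc == len(raw) - 5,
        "driver_sent_same_bytes": blocks["PC_to_RDR_XfrBlock"] == raw,
        "sw": sw,
        # Per the reply, 6985 belongs to CHANGE REFERENCE DATA / RESET RETRY
        # COUNTER, so seeing it after any other instruction is the anomaly.
        "sw_unexpected_for_command": sw == "6985" and ins not in (0x24, 0x2C),
    }


if __name__ == "__main__":
    for key, value in analyse(LOG).items():
        print(f"{key}: {value}")
```
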


