Did I just fry my smartcard?

Grant Olson kgo at grant-olson.net
Mon Jan 31 05:26:14 CET 2011


On 01/30/2011 11:18 AM, Grant Olson wrote:
>
> 
> With those options enabled, I tried issuing the reset codes.  First time
> it complained because no card was inserted.  Second time it complained
> because it couldn't find a supported application on the card.  I'm not
> sure if that message is normal when the card is in admin-lockout mode,
> or if it indicates there are more serious problems with the card.
> 
> grant at johnyaya:~$ gpg-connect-agent
>> scd apdu 00 e6 00 00
> ERR 100663406 Card removed <SCD>
>> scd apdu 00 44 00 00
> ERR 100663406 Card removed <SCD>
>> scd serialno
> ERR 100663351 Invalid value <SCD>
>> scd apdu 00 e6 00 00
> ERR 100663351 Invalid value <SCD>
>> scd apdu 00 44 00 00
> ERR 100663351 Invalid value <SCD>
>>
> 
> 

...

Okay, I solved the problem.  I'm just describing what I did for the sake
of the archives and future generations...

Numerous attempts to get the serial number of the card or issue reset
commands via gpg-connect-agent failed, on different computers, different
OSes, etc.

I downloaded the Debian package pcsc-tools.  Surprisingly, the command
'pcsc_scan' picked up on the fact that I had an OpenPGP card right away,
despite gpg-agent and gpg2 --card-status failing to recognize the card.

From there I tried the APDU reset commands via the tool 'gscriptor',
also included with 'pcsc-tools':

00 e6 00 00
00 44 00 00

Still nothing.

From the OpenPGP Card 2.0 spec, it seemed there were two commands I
could issue after TERMINATE DF (00 e6 00 00).  One was ACTIVATE FILE (00
44 00 00) which I've been trying repeatedly.  The other was SELECT FILE
(00 A4 04 00 06 D2 76 00 01 24 01 00).  So I tried that.

BAM!  It worked.  At some point yesterday I also tried to send SELECT
FILE via gpg-connect-agent, and I know that didn't work.

Not sure why gscriptor seemed to work better than gpg-connect-agent and
'scd apdu', but all's well that ends well.  The only obvious difference
is that I could just tell gscriptor to turn on the card, without having
to issue something like a serialno command to spin it up.

-Grant
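
The three APDUs quoted in the post, decoded field by field. This is an added example, not part of the original message: a short-form ISO 7816-4 command parser showing that the SELECT FILE command carries a 6-byte data field followed by Le=00, and rejecting a command whose Lc does not match its length. The names parse_apdu, INS_NAMES and POST_APDUS are assumptions of this example.

```python
# Added example: decode short-form ISO 7816-4 command APDUs.
# Instruction names are the ones the post gives for these INS bytes.
INS_NAMES = {0xE6: "TERMINATE DF", 0x44: "ACTIVATE FILE", 0xA4: "SELECT FILE"}

# The three commands quoted in the post.
POST_APDUS = [
    "00 e6 00 00",
    "00 44 00 00",
    "00 A4 04 00 06 D2 76 00 01 24 01 00",
]


def parse_apdu(text):
    """Split a hex command APDU into header, data and Le (short form only).

    Case 1: header          Case 2: header + Le
    Case 3: header+Lc+data  Case 4: header + Lc + data + Le
    """
    raw = bytes.fromhex(text)  # fromhex skips the spaces between bytes
    if len(raw) < 4:
        raise ValueError("need at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if not body:
        case = 1
    elif len(body) == 1:
        case, le = 2, body[0] or 256  # Le=00 means "up to 256 bytes"
    else:
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDU, not handled here")
        if len(body) == 1 + lc:
            case, data = 3, body[1:]
        elif len(body) == 2 + lc:
            case, data, le = 4, body[1:1 + lc], body[-1] or 256
        else:
            raise ValueError(f"Lc={lc} but {len(body) - 1} byte(s) follow it")
    return {"name": INS_NAMES.get(ins, "unknown"), "cla": cla, "ins": ins,
            "p1": p1, "p2": p2, "case": case, "data": data, "le": le}


if __name__ == "__main__":
    for line in POST_APDUS:
        f = parse_apdu(line)
        print(f"{line}\n  {f['name']}: case {f['case']}, P1={f['p1']:02X} "
              f"P2={f['p2']:02X}, data={f['data'].hex(' ').upper() or '-'}, "
              f"Le={f['le']}")
```

In the SELECT FILE command, P1=04 is the ISO 7816-4 "select by DF name" mode, so the six data bytes are the application identifier being selected.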


