Scripted reset of PINs on smartcards.
Dirk-Willem van Gulik
dirkx at webweaving.org
Sun Jul 30 19:29:29 CEST 2017

Am I right in understanding that, unless one wants to get into chat-expect and a fair bit of state logic behind a 'fake' pinentry, one cannot easily edit the PINs on a (fresh) smartcard by piping in a command sequence?

And in order to do so, does one really have to talk to the scdaemon directly? Or is there a way to pass the (binary) PINs through a normal gpg-connect-agent channel (with the SCD prefix)?

Dw.

#!/bin/sh
# Factory default
OLDMASTER=12345678
NEWMASTER=${MASTER:-87654321}
NEWPIN=${PIN:-654321}
NEWRESET=${RESET:-010101}
# Reset the OpenPGP applet on the card.
#
cat <<EOM | gpg-connect-agent
/hex
scd serialno
……..snipped …..
scd apdu 00 44 00 00
EOM
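# Set the PINs to non-factory defaults.
# Each D line below carries one PIN, padded with NUL bytes to exactly
# 90 bytes before the terminating newline.
#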
(
	echo PASSWD 3
	((echo -n D $OLDMASTER; dd bs=1 count=90 if=/dev/zero status=none) | dd bs=1 count=90 status=none; echo ) | dd status=none
	echo END
	((echo -n D $NEWMASTER; dd bs=1 count=90 if=/dev/zero status=none) | dd bs=1 count=90 status=none; echo ) | dd status=none
	echo END
	echo PASSWD --reset 1
	((echo -n D $NEWMASTER; dd bs=1 count=90 if=/dev/zero status=none) | dd bs=1 count=90 status=none; echo ) | dd status=none
	echo END
	((echo -n D $NEWPIN; dd bs=1 count=90 if=/dev/zero status=none) | dd bs=1 count=90 status=none; echo ) | dd status=none
	echo END
	echo PASSWD --reset 2
	((echo -n D $NEWMASTER; dd bs=1 count=90 if=/dev/zero status=none) | dd bs=1 count=90 status=none; echo ) | dd status=none
	echo END
	((echo -n D $NEWRESET; dd bs=1 count=90 if=/dev/zero status=none) | dd bs=1 count=90 status=none; echo ) | dd status=none
	echo END
	……..snipped …..
	echo BYE
) |  nc -U  $XXXX/S.scdaemon 
    
    