“Hardware problem” with OpenPGP smart card
Werner Koch
wk at gnupg.org
Tue Dec 8 12:21:08 CET 2020
On Mon, 7 Dec 2020 23:37, Nicolas Boullis said:
> Hence, I think my card is really dead.
yeah :-(
> I see that the card includes a signature counter (which reads 89), hence
> I understand the card has to write the EEPROM (to update the counter)
Yes, this is one reason to write to the EEPROM. However, this is a way too
low number for a failure. A few years ago we had a similar report and
the Zeitcontrol folks did some testing. 100000 operations were not a
problem at all. From my understanding the EEPROM of the chip used by
Zeitcontrol allows for many more r/w cycles than what you usually get
from an average Atmel or so microcontroller. Anyway, my STM32 based
Gnuk token did about 8000 signing operations with the first key.
> between 1,000 and 10,000 authentications with that card. I think it
> might be sufficient to wear an EEPROM.
Nope.
> Also, the card reports 2 tries left for the PIN code, which means that
> my last try to unlock the pin was a failure. Did the card
> somehow fail updating the retry counter? (Either when I typed the wrong
It failed. Smartcards handle verification by first decrementing the
retry counter, running the verify, and on success incrementing the retry
counter. This is so that a power glitch can't be used to trick out the
retry counter. This method explains why you see 2.
> If there’s anything I can do to investigate that failure, please tell
> me.
The card should not allow you to investigate things even after a failure.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
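
The retry-counter ordering described in the message above, as an added example that is not part of the original mail and is not code from GnuPG, Gnuk or any card firmware. It models the non-volatile counter as a plain struct field and a power loss as an early return; all names and the sample PIN are constructed for illustration.

```c
#include <string.h>

/* Constructed model of the card's non-volatile state (hypothetical names). */
struct card { int retries; const char *pin; };

typedef int (*verify_fn)(struct card *, const char *, int);

/* Order described in the mail: decrement, run the verify, increment on
   success. cut_after_compare simulates power loss right after the compare.
   Returns 1 if the PIN was accepted, 0 otherwise. */
int verify_decrement_first(struct card *c, const char *guess, int cut_after_compare)
{
    if (c->retries == 0) return 0;          /* PIN is blocked */
    c->retries--;                           /* written before the compare */
    int ok = strcmp(guess, c->pin) == 0;    /* model only, not constant time */
    if (cut_after_compare) return 0;        /* restore write never happens */
    if (ok) c->retries++;                   /* restore on success */
    return ok;
}

/* Naive order for comparison: compare first, decrement only on failure. */
int verify_compare_first(struct card *c, const char *guess, int cut_after_compare)
{
    if (c->retries == 0) return 0;
    int ok = strcmp(guess, c->pin) == 0;
    if (cut_after_compare) return 0;        /* the failed try is never recorded */
    if (!ok) c->retries--;
    return ok;
}

/* n wrong guesses, each interrupted after the compare; returns the counter
   that survives in non-volatile memory. */
int retries_after_interrupted_guesses(verify_fn verify, int n)
{
    struct card c = { 3, "123456" };        /* constructed sample PIN */
    for (int i = 0; i < n; i++) verify(&c, "000000", 1);
    return c.retries;
}

/* A correct PIN whose restore write is lost: the counter stays at 2. */
int retries_after_lost_restore(void)
{
    struct card c = { 3, "123456" };
    verify_decrement_first(&c, "123456", 1);
    return c.retries;
}
```

With the decrement-first order every interrupted attempt still costs a try, so the counter reaches 0 and the PIN blocks; with the compare-first order the counter never moves.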