On 12/12/2012 8:01 PM, Ravneet Singh Khalsa wrote:
> Hi Douglas,
>
> Thanks for your suggestion. I tried the following command.
>
> piv-tool -s 00:2C:00:81:10:31:32:33:34:FF:FF:FF:FF:31:31:31:31:FF:FF:FF:FF
> (changing Admin Pin from 1234 to 1111)
>
> It didn't work for me. The output of the command above is attached. See if
> there is something that you can figure out.

That looks very strange, almost like it never ran the command.

What would help more would be to turn on debugging in the opensc.conf,
debug = 7; and change the debug_file = some.out.out.file;

This would show that OpenSC found that this was a PIV card, and
any other commands sent to the card to test what type of card
it is.

If you could send the debug output from opensc-tool -n


You say these are Gemalto PIV cards.

    Do they have actual data on the cards, even demo data?

    Are they Global Platform cards?

    What is the ATR?

    Do you have the Gemalto manual?

    Do they say anything about how to change the admin PIN?

    Did they say anything about unlocking the card before
    doing anything with the card?

    NIST requires blank cards with the PIV application
    on the card to be transported locked with the unlocking
    keys sent in some other way. The locking may be
    done using GP.

    Did they send any pins or keys with the cards?
    (They must have, otherwise you would not know what was
     the admin PIN.)

>
> Thanks.
>
>
> -----Original Message-----
> From: opensc-devel-boun...@lists.opensc-project.org
> [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Douglas
> E. Engert
> Sent: Wednesday, December 12, 2012 7:31 AM
> To: opensc-devel@lists.opensc-project.org
> Subject: Re: [opensc-devel] Changing Admin PIN on PIV card
>
>
>
> On 12/11/2012 8:06 PM, Ravneet Singh Khalsa wrote:
>> Hi,
>>
>> Does any tool or API exist to change the Admin PIN on Gemalto PIV Cards?
>
> If the card is following NIST 800-73-3, the piv-tool can do it.
>
> 800-73 leaves a lot of card management commands up to the vendor, so check
> the vendor docs on this and what is the initial PUK. The PUK is not used by
> the end user, and some commands to the card may require the global pin vs
> the PIV application PIN or PUK as defined in 800-73-3.
>
>
>    piv-tool  -s 00:2C:00:81:10:$OLDPUK:$NEWPUK
>
> Where $OLDPUK is the current and $NEWPUK is the new one. Both are hex
> representations of the numbers padded to 8 with FF.
>
> So to change from 1234567 to 112233:
>    piv-tool  -s 00:2C:00:81:10:31:32:33:34:35:36:37:ff:31:31:32:32:33:33:ff:ff
>
> On some cards the previous PUK may have been all hex zeros.
>
> The attached  script could be used. It is assuming a $1 parameter that is a
> card number ($CARDN) that is used to look up information about the card,
> such as the previous PUK in ./cards/$CARDN/
>
>
>>
>> Thanks.
>>
>>
>>
>> _______________________________________________
>> opensc-devel mailing list
>> opensc-devel@lists.opensc-project.org
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>
>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
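
Added example (not part of the original messages, and not the attached script mentioned in the thread): a small sh helper that builds and checks the 16-byte data field described above, where each value is written as ASCII digits and padded to 8 bytes with FF. The function names are hypothetical, the four header bytes are passed in by the caller exactly as typed, and only decimal values are handled.

```sh
#!/bin/sh
# Added example; pad8, build_apdu and check_apdu are hypothetical names.

# pad8 VALUE: print VALUE (1-8 decimal digits) as 8 colon-separated hex
# bytes: the ASCII digits first, then FF padding.
pad8() {
    case "$1" in
        ''|*[!0-9]*) echo "pad8: digits only" >&2; return 1 ;;
    esac
    [ "${#1}" -le 8 ] || { echo "pad8: more than 8 digits" >&2; return 1; }
    out=; rest=$1; n=${#1}
    while [ -n "$rest" ]; do
        d=${rest%"${rest#?}"}          # first character of $rest
        rest=${rest#?}
        out="$out${out:+:}3$d"         # ASCII '0'..'9' is 0x30..0x39
    done
    while [ "$n" -lt 8 ]; do out="$out:FF"; n=$((n + 1)); done
    printf '%s\n' "$out"
}

# build_apdu HEADER OLD NEW: HEADER is CLA:INS:P1:P2 as given by the caller;
# Lc is always 10 hex (two 8-byte fields).
build_apdu() {
    old=$(pad8 "$2") || return 1
    new=$(pad8 "$3") || return 1
    printf '%s:10:%s:%s\n' "$1" "$old" "$new"
}

# check_apdu STRING: succeed only if STRING has 4 header bytes, Lc = 10 and
# two 8-byte fields of ASCII digits followed only by FF padding.
check_apdu() {
    set -f; old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs; set +f
    [ "$#" -eq 21 ] || return 1        # 4 header + Lc + 16 data bytes
    shift 4
    [ "$1" = 10 ] || return 1
    shift
    i=0; pad=0
    for b in "$@"; do
        [ $((i % 8)) -eq 0 ] && pad=0  # start of a new 8-byte field
        case "$b" in
            3[0-9])   [ "$pad" -eq 0 ] || return 1 ;;           # digit after padding
            [Ff][Ff]) [ $((i % 8)) -ne 0 ] || return 1; pad=1 ;; # empty field
            *)        return 1 ;;
        esac
        i=$((i + 1))
    done
}

# Constructed sample: the 1234567 -> 112233 values quoted in the thread.
build_apdu 00:2C:00:81 1234567 112233
```

Running check_apdu on a hand-typed string before passing it to piv-tool -s catches a miscounted pad byte, which matters because a wrong current value is counted against the card's retry counter.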