Two more things:

The command should be "24" not "2C". 2C is to reset the user pin if the pin
is locked. "24" is to reset one of the pins if the pin is known.
The script I sent you has an error. Sorry about that.

piv-tool -s 00:24:00:81:10:31:32:33:34:FF:FF:FF:FF:31:31:31:31:FF:FF:FF:FF

BUT: NIST 800-73-2 part 2 Section 3.2.2 says:

"The ability to change reference data associated with key references '81' and
'00' using the PIV Card Application CHANGE REFERENCE DATA command is optional."

Thus you need to consult the Gemalto manuals to see if this is implemented.



On 12/12/2012 8:01 PM, Ravneet Singh Khalsa wrote:
> Hi Douglas,
>
> Thanks for your suggestion. I tried the following command.
>
> piv-tool -s 00:2C:00:81:10:31:32:33:34:FF:FF:FF:FF:31:31:31:31:FF:FF:FF:FF
> (changing Admin Pin from 1234 to 1111)
>
> It didn't work for me. The output of the command above is attached. See if
> there is something that you can figure out.
>
> Thanks.
>
>
> -----Original Message-----
> From: opensc-devel-boun...@lists.opensc-project.org
> [mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of Douglas
> E. Engert
> Sent: Wednesday, December 12, 2012 7:31 AM
> To: opensc-devel@lists.opensc-project.org
> Subject: Re: [opensc-devel] Changing Admin PIN on PIV card
>
>
>
> On 12/11/2012 8:06 PM, Ravneet Singh Khalsa wrote:
>> Hi,
>>
>> Does any tool or API exist to change the Admin PIN on Gemalto PIV cards?
>
> If the card is following NIST 800-73-3, the piv-tool can do it.
>
> 800-73 leaves a lot of card management commands up to the vendor, so check
> the vendor docs on this and what is the initial PUK. The PUK is not used by
> the end user, and some commands to the card may require the global pin vs
> the PIV application PIN or PUK as defined in 800-73-3.
>
>
>    piv-tool  -s 00:2C:00:81:10:$OLDPUK:$NEWPUK
>
> Where $OLDPUK is the current and $NEWPUK is the new one. Both are hex
> representations of the numbers padded to 8 with FF.
>
> So to change from 1234567 to 112233:
>    piv-tool  -s 00:2C:00:81:10:31:32:33:34:35:36:37:ff:31:31:32:32:33:33:ff:ff
>
> On some cards the previous PUK may have been all hex zeros.
>
> The attached  script could be used. It is assuming a $1 parameter that is a
> card number ($CARDN) that is used to look up information about the card,
> such as the previous PUK in ./cards/$CARDN/
>
>
>>
>> Thanks.
>>
>>
>>
>> _______________________________________________
>> opensc-devel mailing list
>> opensc-devel@lists.opensc-project.org
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>
>

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
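
Added example, not part of the original messages or of OpenSC: a shell helper that builds the colon-separated APDU string passed to `piv-tool -s` in this thread, padding each value to 8 bytes with FF. The function names `piv_pad_pin` and `piv_pin_apdu` are hypothetical, and the helper assumes decimal-digit PIN/PUK values only.

```shell
#!/bin/sh
# Added example (not from the thread): builds the APDU string for `piv-tool -s`.

# Encode a decimal PIN/PUK as ASCII hex bytes, padded to 8 bytes with FF.
piv_pad_pin() {
    pin=$1
    case $pin in
        ''|*[!0-9]*) echo "PIN must be decimal digits" >&2; return 1 ;;
    esac
    [ "${#pin}" -le 8 ] || { echo "PIN longer than 8 digits" >&2; return 1; }
    out=
    rest=$pin
    while [ -n "$rest" ]; do
        digit=${rest%"${rest#?}"}       # first remaining character
        rest=${rest#?}
        out="$out${out:+:}3$digit"      # ASCII '0'..'9' is 0x30..0x39
    done
    n=${#pin}
    while [ "$n" -lt 8 ]; do            # pad to the fixed 8-byte field
        out="$out:FF"
        n=$((n + 1))
    done
    printf '%s\n' "$out"
}

# Compose CLA:INS:P1:P2:Lc:first:second with the INS values from the thread:
# 24 = CHANGE REFERENCE DATA, 2C = RESET RETRY COUNTER.
piv_pin_apdu() {
    ins=$1
    keyref=$2
    case $ins in
        24|2C) ;;
        *) echo "INS must be 24 or 2C" >&2; return 1 ;;
    esac
    case $keyref in
        [0-9A-Fa-f][0-9A-Fa-f]) ;;
        *) echo "key reference must be two hex digits" >&2; return 1 ;;
    esac
    first=$(piv_pad_pin "$3") || return 1
    second=$(piv_pad_pin "$4") || return 1
    # Lc is 0x10: two 8-byte padded fields.
    printf '00:%s:00:%s:10:%s:%s\n' "$ins" "$keyref" "$first" "$second"
}

# Constructed sample: the 1234 -> 1111 change quoted in the thread.
piv_pin_apdu 24 81 1234 1111
```

The printed string is what goes after `piv-tool -s`; whether the card accepts it still depends on the vendor implementing the command for that key reference.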