Now, scdaemon supports KDF DO, if the card support is available.
It should be supported by gpg command line, somehow.
Description
Description
Revisions and Commits
Revisions and Commits
| rG GnuPG | |||
| rG0152ba7c9874 scd: Support KDF DO setup. | |||
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Resolved | • gniibe | T3152 KDF DO support in OpenPGP card | ||
| Resolved | • gniibe | T3823 gpg frontend support to setup KDF DO | ||
| Resolved | • gniibe | T3891 kdf-setup does not set admin and user PIN codes |
Event Timeline
Comment Actions
It doesn't work because I did mistake for the salt of reset code, it should be 8-byte instead of 4-byte.
Here is a fixed version, which I tested with Gnuk 1.2.8:
Comment Actions
Sorry again. My script was still wrong (didn't work).
Here is a final script, which works for my Gnuk Token version 1.2.8.
I confirmed it's working well.
The fix are (1) a typo of hex value: 02->82, (2) s2k count should be in hex.
Comment Actions
I realized that: once KDF-DO is written to smartcard/token, factory-reset command won't work because it assumes standard PIN format than hashed.
This comment was removed by • gniibe.
Comment Actions
For factory-reset, rG2c85e202bc30: scd: Better user interaction for factory-reset. fixed the issue.