Page MenuHome GnuPG

Kleopatra: Allow PIN reset with Admin-PIN
Testing, NormalPublic


In gpg you can reset the PIN either with the PUK or - if you enable admin commands - with the Admin-PIN. This should be possible in Kleopatra, too.

We don't need a new button for this, just switch to asking for the Admin-PIN if the PUK counter is 0 (i.e. disabled or no tries left).

Event Timeline

For OpenPGP cards >= v2.0 there is no PUK due to updated ISO standards but we use the term in Kleopatra for the Reset-Code.

werner added a project: Feature Request.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the task status from Open to Testing.Jun 14 2024, 12:21 PM


Note for testing: To reduce the PUK counter to 0 you have to enter a wrong PUK for "Unlock Card". The wrong PUK must have at least 8 characters. Otherwise, gpg-agent will consider the PUK wrong without even asking the smart card so that the smart card doesn't get a chance to reject the PUK and decrease the PUK counter.

Will this be backported? Since the pgpcardwidget otherwise contains strings which are neither in master nor in kf5 I would say so.

"Unblock the Smartcard with the PUK" -> Is in Gpg4win 24.05 but _not_ in origin/kf5 while with this change here in master it is now:
"Unblock the smart card with the PUK (if available) or the Admin PIN."

We currently can only translate strings which are either in master or in kf5. Otherwise things get much more complicated as we would then need our own message extraction and a place for the po files etc.

It's not tagged vsd33 and I didn't plan to backport this since it depends on other changes (T6787) that are master-only.