
Managing PIN codes

Warning

The PIN code protects access to your smart card.
It is requested whenever you access your smart card.

There are two levels of protection codes:

  • PIN code: the normal access PIN code. The PIN code should be easy to remember and should be learned by heart. Usually it contains only numbers. If you live in Europe and use a credit card, this is the equivalent of your credit card PIN number.
  • PUK code: personal unblocking code used when the PIN code was lost. You should always write down your PUK code and keep it in a safe place. In a production environment, it should be very long to protect against brute-force attacks.

Listing PIN codes

To list existing PIN codes:

$ pkcs15-tool --list-pins
Using reader with a card: Feitian SCR301 01 00
PIN [User PIN]
Com. Flags: 0x3
ID : 01
Flags : [0x32], local, initialized, needs-padding
Length : min_len:4, max_len:16, stored_len:16
Pad char : 0x00
Reference : 1
Type : ascii-numeric
Path :

Here, we have a single PIN with ID 01.

Changing PIN code

To change PIN code:

$ pkcs15-tool --change-pin
Using reader with a card: Feitian SCR301 01 00
Enter old PIN [User PIN]:
Enter new PIN [User PIN]:
Enter new PIN again [User PIN]:

You will be asked to enter the old PIN code and then the new PIN code twice.

PIN code retries

Notice: this feature is fully implemented in OpenSC svn.
After entering a wrong PIN code, you can query how many tries are left:

$ pkcs15-tool --list-pins
Using reader with a card: Feitian SCR301 01 00
[...]
Tries left: 3

When the card is locked, the number of tries left reaches 0.
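
As an added example (not part of the original page or of OpenSC), the shell functions below parse pkcs15-tool --list-pins output and classify each PIN as OK, LOW, LOCKED or UNKNOWN from its "Tries left" counter, so a script can warn before the last attempt is used. The function names, the LOW threshold and the sample output (constructed, including the two extra PINs) are assumptions.

```shell
#!/bin/sh
# Added example, not OpenSC code. Function names and the LOW threshold are assumptions.

# Constructed sample in the layout of `pkcs15-tool --list-pins`; not captured from a card.
sample_list_pins() {
cat <<'EOF'
Using reader with a card: Feitian SCR301 01 00
PIN [User PIN]
    ID             : 01
    Flags          : [0x32], local, initialized, needs-padding
    Tries left     : 3
PIN [Signature PIN]
    ID             : 02
    Tries left     : 0
PIN [Legacy PIN]
    ID             : 03
EOF
}

# pin_status [WARN]: read --list-pins output on stdin, print "label|id|tries|state".
# WARN (default 1) is the tries-left value at or below which a PIN is reported LOW.
pin_status() {
    awk -v warn="${1:-1}" '
        function value(line) { sub(/^[^:]*:[ \t]*/, "", line); sub(/[ \t\r]+$/, "", line); return line }
        function emit() {
            if (label == "") return
            if (tries !~ /^[0-9]+$/)    state = "UNKNOWN"  # no counter reported for this PIN
            else if (tries + 0 == 0)    state = "LOCKED"   # needs --unblock-pin with the PUK
            else if (tries + 0 <= warn) state = "LOW"
            else                        state = "OK"
            printf "%s|%s|%s|%s\n", label, id, (tries == "" ? "-" : tries), state
        }
        /^PIN \[/ { emit(); label = $0; sub(/^PIN \[/, "", label); sub(/\].*$/, "", label); id = ""; tries = ""; next }
        /^[ \t]*ID[ \t]*:/         { id = value($0) }
        /^[ \t]*Tries left[ \t]*:/ { tries = value($0) }
        END { emit() }
    '
}

# pin_alert [WARN]: exit status 2 if any PIN is LOCKED, 1 if any is LOW, else 0.
pin_alert() {
    pin_status "${1:-1}" | awk -F'|' '
        $4 == "LOCKED"          { rc = 2 }
        $4 == "LOW" && rc < 2   { rc = 1 }
        END { exit rc + 0 }'
}

# Demo on the constructed sample; on a real system pipe `pkcs15-tool --list-pins` instead.
sample_list_pins | pin_status 1
```

On a real card, pkcs15-tool --list-pins | pin_alert 1 gives an exit status that a login wrapper or monitoring job can act on; UNKNOWN covers output that carries no "Tries left" line.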

You may also query the status of a locked card by running the following command:

$ pkcs11-tool --module /usr/lib/opensc-pkcs11.so --test-hotplug
Testing card detection using C_GetSlotList()
Please press return to continue, x to exit:
Available slots:
Slot 0 (0xfffffffffffffffe): Virtual hotplug slot
(empty)
Slot 1 (0x1): Feitian SCR301 00 00
token label: François Pérou (User PIN)
token manuf: EnterSafe
token model: PKCS#15
token flags: rng, login required, PIN initialized, token initialized, user PIN locked
serial num : 2963094713181210
Slot 2 (0x2): Feitian SCR301 00 00
(empty)
Slot 3 (0x3): Feitian SCR301 00 00
(empty)
Slot 4 (0x4): Feitian SCR301 00 00
(empty)

Notice "User PIN locked" in token flags.

Unlocking PIN code

When the PIN code is lost, you will need to enter the Personal Unblocking Code (PUK):

$ pkcs15-tool --unblock-pin
Using reader with a card: Feitian SCR301 01 00
Enter PUK [User PIN]:
Enter new PIN [User PIN]:
Enter new PIN again [User PIN]:

In our example, the PUK code was: 111111
This option is very useful to change a PIN code when you have forgotten it.

PIN code and PUK code lost

Using the Feitian PKI, there is nothing you can do.
You will need to erase and initialize your smart card.

Using the ePass2003, unlock using the SO-PIN.