docs/trove/src/component-documents/setting-smart-card-pins.md

Setting Smart Card Pins

In order to protect unauthorized use of smart cards, PINs are leveraged.

There are two pins with different levels of authorization for making changes to the smart card:

• User PIN

• Admin PIN

Both PINs support alphanumeric characters and typically need to be at least 6 characters long.

For Operator Keys it is recommended to use the default PINs, while for Location Keys, PINs are generated by the keyfork utility and have high entropy.

WARNING Different smart cards have different failure thresholds, but typically after entering the PIN incorrectly 3-10 times, the smart card is permanently locked and can no longer be used.

Guide

To set the smart card pins you may use the gpg utility. This guide should be completed in a trusted environment, such as on a airgapped machine running AirgapOS.

1. Plug the smart card into a computer which has the gpg utility intalled

2. Use the command gpg --edit-card to enter edit mode

3. gpg/card>

   • Input admin, press Enter

4. Your selection?

   • Input 1, press Enter

5. Please enter the PIN:

   • Enter old PIN (default is 123456), press Enter

6. New PIN:

   • Enter the new PIN, press Enter

7. Repeat this PIN:

   • Enter the new PIN, press Enter

8. For the Admin PIN, the steps are the same, except in step 4, input "3", then press Enter.