43 lines
1.3 KiB
Markdown
43 lines
1.3 KiB
Markdown
# Setting Smart Card Pins
|
|
|
|
In order to protect unauthorized use of smart cards, PINs are leveraged.
|
|
|
|
There are two pins with different levels of authorization for making changes
|
|
to the smart card:
|
|
|
|
* User PIN
|
|
|
|
* Admin PIN
|
|
|
|
Both PINs support alphanumeric characters and typically need to be at least 6
|
|
characters long.
|
|
|
|
For Operator Keys it is recommended to use the default PINs, while for Location
|
|
Keys, PINs are generated by the `keyfork` utility and have high entropy.
|
|
|
|
**WARNING** Different smart cards have different failure thresholds, but typically after
|
|
entering the PIN incorrectly 3-10 times, the smart card is permanently locked
|
|
and can no longer be used.
|
|
|
|
## Guide
|
|
|
|
To set the smart card pins you may use the `gpg` utility. This guide should be
|
|
completed in a trusted environment, such as on a airgapped machine running
|
|
AirgapOS.
|
|
|
|
1. Plug the smart card into a computer which has the `gpg` utility intalled
|
|
2. Use the command `gpg --edit-card` to enter edit mode
|
|
3. gpg/card>
|
|
* Input `admin`, press Enter
|
|
4. Your selection?
|
|
* Input 1, press Enter
|
|
5. Please enter the PIN:
|
|
* Enter old PIN (default is 123456), press Enter
|
|
6. New PIN:
|
|
* Enter the new PIN, press Enter
|
|
7. Repeat this PIN:
|
|
* Enter the new PIN, press Enter
|
|
|
|
8. For the Admin PIN, the steps are the same, except in step 4, input "3", then
|
|
press Enter.
|