Setting Smart Card Pins

In order to protect unauthorized use of smart cards, we can leverage PINs.

There are two pins with different levels of authorization for making changes to the smart card:

  • User PIN

  • Admin PIN

Both PINs support alphanumeric characters and typically need to be at least 6 characters long.

For Operator Keys it is recommended to use the default PINs, while for Location Keys, PINs are generated by the keyfork utility and have high entropy.

Guide

To set the smart card pins you may use the gpg utility.

  1. Plug the smart card into a computer which has the gpg utility intalled

  2. Use the command gpg --edit-card to enter edit mode

  3. gpg/card>

    • Input admin, press Enter

  4. Your selection?

    • Input 1, press Enter

  5. Please enter the PIN:

    • Enter old PIN (default is 123456), press Enter

  6. New PIN:

    • Enter the new PIN, press Enter

  7. Repeat this PIN:

    • Enter the new PIN, press Enter

  8. For the Admin PIN, the steps are the same, except in step 4, input "3", then press Enter.

  9. Once done, shut down the computer