Verify PIN
Command APDU info
CLA | INS | P1 | P2 | Lc | Data | Le |
---|---|---|---|---|---|---|
00 | 20 | 00 | 80 | 08 | PIN | (absent) |
Response APDU info
Response APDU for VERIFY (success)
Total Length: 2
Data Length: 0
Data | SW1 | SW2 |
---|---|---|
(no data) | 90 | 00 |
Response APDU for VERIFY (Invalid PIN)
Total Length: 2
Data Length: 0
Data | SW1 | SW2 |
---|---|---|
(no data) | 63 | C4 |
If the PIN entered is incorrect, then the error is 63 CX
where X is the number of
retries remaining. In the above, there are 4 retries remaining.
Response APDU for VERIFY (PIN Blocked)
Total Length: 2
Data Length: 0
Data | SW1 | SW2 |
---|---|---|
(no data) | 69 | 83 |
Whe the YubiKey returns this Status Word, it is not saying the PIN is incorrect. It is simply reporting that there are no retries remaining and the PIN is blocked. Maybe the PIN supplied is correct, maybe not. However, because the PIN has been blocked, authentication was denied.
Examples
$ opensc-tool -c default -s 00:a4:04:00:09:a0:00:00:03:08:00:00:10:00
-s 00:20:00:80:08:31:32:33:34:35:36:ff:ff
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 0
Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
Received (SW1=0x90, SW2=0x00):
61 11 4F 06 00 00 10 00 01 00 79 07 4F 05 A0 00
00 03 08
Sending: 00 20 00 80 08 31 32 33 34 35 36 FF FF
Received (SW1=0x90, SW2=0x00)