Show / Hide Table of Contents

Verify PIN

Command APDU info

CLA INS P1 P2 Lc Data Le
00 20 00 80 08 PIN (absent)

Response APDU info

Response APDU for VERIFY (success)

Total Length: 2
Data Length: 0

Data SW1 SW2
(no data) 90 00

Response APDU for VERIFY (Invalid PIN)

Total Length: 2
Data Length: 0

Data SW1 SW2
(no data) 63 C4

If the PIN entered is incorrect, then the error is 63 CX where X is the number of retries remaining. In the above, there are 4 retries remaining.

Response APDU for VERIFY (PIN Blocked)

Total Length: 2
Data Length: 0

Data SW1 SW2
(no data) 69 83

Whe the YubiKey returns this Status Word, it is not saying the PIN is incorrect. It is simply reporting that there are no retries remaining and the PIN is blocked. Maybe the PIN supplied is correct, maybe not. However, because the PIN has been blocked, authentication was denied.

Examples

$ opensc-tool -c default  -s 00:a4:04:00:09:a0:00:00:03:08:00:00:10:00
  -s 00:20:00:80:08:31:32:33:34:35:36:ff:ff
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID 0
Sending: 00 A4 04 00 09 A0 00 00 03 08 00 00 10 00
Received (SW1=0x90, SW2=0x00):
61 11 4F 06 00 00 10 00 01 00 79 07 4F 05 A0 00
00 03 08
Sending: 00 20 00 80 08 31 32 33 34 35 36 FF FF
Received (SW1=0x90, SW2=0x00)
  • Improve this Doc
In this article
Back to top Generated by DocFX