diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java index 19962b164..beed8a119 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java @@ -209,6 +209,10 @@ public class SecurityTokenConnection { } } + public void resetPw3Validation() { + mPw3Validated = false; + } + @VisibleForTesting void determineTokenType() throws IOException { tokenType = mTransport.getTokenTypeIfAvailable(); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index 1834c2762..8b808266d 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -25,7 +25,6 @@ package org.sufficientlysecure.keychain.ui; import java.io.IOException; import java.nio.ByteBuffer; import java.util.Arrays; -import java.util.Map; import android.content.Intent; import android.os.AsyncTask; @@ -293,9 +292,12 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity { mInputParcel = mInputParcel.withCryptoData(subkeyBytes, tokenSerialNumber); } - // change PINs afterwards - stConnection.resetPin(newPin, adminPin); + // First set Admin PIN, then PIN. + // Order is important for Gnuk, otherwise it will be set up in "admin less mode". + // http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-pw1-pw3-and-reset-code stConnection.modifyPw3Pin(newAdminPin, adminPin); + stConnection.resetPw3Validation(); + stConnection.resetPin(newPin, new Passphrase(new String(newAdminPin))); break; }