Nitrokey 3A Mini PIV reset does not work

[pboguslawski]

Nitrokey 3A Mini (F/W 1.8.3) PIV reset method from docs does not work:

myhost:~$ opensc-tool -s 00:A4:04:00:0B:A000000308000010000100 -s 00:20:00:80:08:FFFFFFFFFFFFFFFF -s 00:20:00:80:08:FFFFFFFFFFFFFFFF -s 00:20:00:80:08:FFFFFFFFFFFFFFFF -s 00:FB:00:00
Using reader with a card: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Sending: 00 A4 04 00 0B A0 00 00 03 08 00 00 10 00 01 00 
Received (SW1=0x90, SW2=0x00)
Sending: 00 20 00 80 08 FF FF FF FF FF FF FF FF 
Received (SW1=0x6A, SW2=0x80)
Sending: 00 20 00 80 08 FF FF FF FF FF FF FF FF 
Received (SW1=0x6A, SW2=0x80)
Sending: 00 20 00 80 08 FF FF FF FF FF FF FF FF 
Received (SW1=0x6A, SW2=0x80)
Sending: 00 FB 00 00 
Received (SW1=0x69, SW2=0x85)

myhost:~$ nitropy nk3 piv --experimental list-certificates
Command line tool to interact with Nitrokey devices 0.11.1
Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Slot	Algorithm              	Subject    	Serial Number                           	Issuer     
----	-----------------------	-----------	----------------------------------------	-----------
9A  	sha256WithRSAEncryption	CN=internal	3a85b5fc7a0c7bafb13c0313cf7f8fbbe14f7756	CN=internal
9D  	sha256WithRSAEncryption	CN=test    	58d58851c3b4d3582dede3bfc90792bdd23e7e80	CN=test    
9E  	sha256WithRSAEncryption	CN=test    	b804cc96c778ab41ca5e0ab372d95251526069a 	CN=test    
82  	sha256WithRSAEncryption	CN=test    	727aa8684133753ec54d5cf84e1ec9f715c4db5e	CN=test    
95  	sha256WithRSAEncryption	CN=test    	1d87ca787fd526c391b9b889aa7a1c4fae251b4b	CN=test

Same problem with other method described in docs:

myhost:~$ nitropy nk3 piv --experimental factory-reset
Command line tool to interact with Nitrokey devices 0.11.1
Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Critical error:
An unhandled exception occurred
	Exception encountered: StatusError(27013)
[...]

nitropy nk3 factory-reset command documented in nitropy nk3 -h seems to work but wipes all apps probably, not just PIV:

myhost:~$ nitropy nk3 factory-reset
Command line tool to interact with Nitrokey devices 0.11.1
Please touch the device to confirm the operation

myhost:~$ nitropy nk3 piv --experimental list-certificates
Command line tool to interact with Nitrokey devices 0.11.1
Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
No certificate found.

[sosthene-nitrokey]

Hi, thank you for the reports!

Factory-reset with nitropy first requires to lock the application pin (0x80), by performing 3 failed logins.
The opensc-tool command was indeed out of date, you can use instead:

opensc-tool -s 00:A4:04:00:0B:A000000308000010000100 -s 00:20:00:80:08:3333333333333333 -s 00:20:00:80:08:3333333333333333 -s 00:20:00:80:08:3333333333333333 -s 00:FB:00:00

We are fixing the docs: Nitrokey/nitrokey-documentation#516