Cryptnox Docs

Change PIN Command

This command allows the user to update either the PIN code or the PUK code. The update can occur only over a Secure Channel and with proper authentication, which protects the integrity and security of the authentication system.


# `card` is assumed to be an already-connected card object.

def change_pin(new_pin: str):
    card.change_pin(new_pin)

# For example: change_pin("132456122")

def change_puk(current_puk: str, new_puk: str):
    card.change_puk(current_puk, new_puk)

# For example: change_puk("09875789012", "01591789012")

Change PIN Command: Understanding APDU Components

The following table outlines the components of the Application Protocol Data Unit (APDU). 

| Field | Description | Value |
|-------|-------------|-------|
| CLA | This field specifies the class of the instruction. | 0x80 |
| INS | This field specifies the particular command or operation that the smart card or secure element should execute. | 0x21 |
| P1 | First parameter of the instruction that specifies the details about the operation being requested. | PIN/PUK selector |
| P2 | Second parameter of the instruction that specifies additional details about the operation being requested. | 0x00 |
| Data | Key data | The new PIN/PUK |

Note

  • This command is available only after Secure Channel has been established.
  • To change the PIN:
    • The user must be PIN-authenticated, OR
    • The current PUK must be provided in the payload.
  • To change the PUK, both the new PUK and current PUK must be provided.
  • If authentication is not fulfilled correctly, the change fails.

Input Validation Rules

  • The PIN must:
    • Be 9 characters long
    • Start with at least 4 digits ('0'–'9')
    • Be padded with 0x00 to reach 9 bytes if fewer than 9 digits are used
  • The PUK must:
    • Be 12 characters long
    • Produce a data field of exactly 24 bytes when changing the PUK (NewPUK + CurrentPUK)

Data Field Format

| Condition | Data Value |
|-----------|------------|
| P1 = 0x00 (Change PIN), PIN already verified | Data = newPIN (9 bytes) |
| P1 = 0x00 (Change PIN), PIN not verified (e.g., forgotten) | Data = newPIN (9 bytes) + currentPUK (12 bytes) |
| P1 = 0x01 (Change PUK) | Data = newPUK (12 bytes) + currentPUK (12 bytes) |

Response

The following table outlines the possible responses that you will receive:

| Response Code | Description |
|---------------|-------------|
| 0x9000 | Success |
| 0x6A80 | Invalid PIN/PUK format |
| 0x6985 | PIN not validated or card not initialized |
| 0x9840 | Invalid PUK when attempting to change PIN with it |
| 0x63Cx | Remaining PIN tries (x indicates attempts left); resets any user session |
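
The sketch below is an added example, not Cryptnox code: it validates the inputs against the rules above, assembles the plaintext Change PIN/PUK command, and decodes the status words from the response table. Function names are hypothetical, and it assumes a short ISO 7816-4 APDU with a one-byte Lc, a PIN made only of ASCII digits, and ASCII PUK characters; Secure Channel wrapping is out of scope.

```python
from typing import Optional

CLA, INS, P2 = 0x80, 0x21, 0x00      # from the APDU table on this page
P1_PIN, P1_PUK = 0x00, 0x01          # P1 selector values
PIN_LEN, PUK_LEN = 9, 12

STATUS = {0x9000: "success",
          0x6A80: "invalid PIN/PUK format",
          0x6985: "PIN not validated or card not initialized",
          0x9840: "invalid PUK"}


def encode_pin(pin: str) -> bytes:
    # Assumption: the PIN is 4 to 9 ASCII digits, right-padded with 0x00.
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= PIN_LEN):
        raise ValueError("PIN must be 4 to 9 digits")
    return pin.encode("ascii").ljust(PIN_LEN, b"\x00")


def encode_puk(puk: str) -> bytes:
    # Assumption: the PUK is 12 ASCII characters, one byte each.
    if not (puk.isascii() and len(puk) == PUK_LEN):
        raise ValueError("PUK must be exactly 12 characters")
    return puk.encode("ascii")


def build_change_apdu(p1: int, new: str, current_puk: Optional[str] = None) -> bytes:
    """Plaintext APDU (CLA INS P1 P2 Lc Data), before Secure Channel wrapping."""
    if p1 == P1_PIN:
        data = encode_pin(new)
        if current_puk is not None:   # PIN not verified: authenticate with PUK
            data += encode_puk(current_puk)
    elif p1 == P1_PUK:
        if current_puk is None:
            raise ValueError("changing the PUK requires the current PUK")
        data = encode_puk(new) + encode_puk(current_puk)
    else:
        raise ValueError("P1 must be 0x00 (PIN) or 0x01 (PUK)")
    return bytes([CLA, INS, p1, P2, len(data)]) + data


def describe_status(sw: int) -> str:
    if sw & 0xFFF0 == 0x63C0:         # 0x63Cx: x = attempts left
        return f"{sw & 0x0F} tries remaining"
    return STATUS.get(sw, f"unexpected status 0x{sw:04X}")
```

Rejecting malformed input on the host avoids a 0x6A80 round trip and keeps badly formed credentials out of the command path.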