Oops. I locked the card again
Even though I don't have to type my password anymore I sometimes forget and type it anyway. That used to work but with the way I have the system configured if the smart card is plugged in it takes the password as the PIN. This fails and uses an attempt. I only get 3 attempts and then the card is locked.
Today I locked myself out of my systems and could not decrypt the hard drive on boot after this happened. This is because the default LUKS decrypt scripts do not allow a fallback to passphrase. (I hacked in my own fallback but can't get my own scripts to run properly so the changes to the original script get overwritten on updates.)
I had to boot up another working system (in this case the kubuntu USB installer) and unblock the smartcard.
sudo apt install scdaemon opensc
Next I had to edit the card
gpg --card-edit
gpg/card> unblock
gpg: OpenPGP card no. XXXXXXXXXXXXXXXXXXXXXXXXXx detected
gpg: Reset Code not or not anymore available
got errors... not good.
I had to use admin mode to reset the pin.
gpg/card> admin
Admin commands are allowed
gpg/card> unblock
gpg: OpenPGP card no. XXXXXXXXXXXXXXXXXXXXXXXXXx detected
gpg: Reset Code not or not anymore available
gpg/card> passwd
gpg: OpenPGP card no. XXXXXXXXXXXXXXXXXXXXXXXXXx detected
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? 2
... GUI prompts here let me enter admin pin and set a new user PIN ...
PIN unblocked and new PIN set.
1 - change PIN
2 - unblock PIN
3 - change Admin PIN
4 - set the Reset Code
Q - quit
Your selection? q
pkcs11-tool --
pkcs11-tool --