also sprach martin f krafft [2017-06-16 20:26 +0200]:
> I tried card-timeout 5 just now and even after 10 seconds, I can
> sign messages without a PIN just fine… multiple times. So either
> I am doing it wrong or it's doing it wrong ;)
For the record, I've now had
also sprach Werner Koch [2017-06-15 21:40 +0200]:
> A workaround is to force a reset of the card by putting
>
> card-timeout N
>
> in scdaemon.conf which shuts down the card after N seconds. Well, as of
> now N is just a binary flag to tell scdaemon to shut down the card at the
also sprach Daniel Kahn Gillmor [2017-06-16 02:44 +0200]:
> Does it make sense to keep this architectural parallel clean, when it
> makes the user's mental model more complex? or would it make sense to
> try to map the simpler mental model to the underlying architecture,
On Thu 2017-06-15 21:40:28 +0200, Werner Koch wrote:
> The properties of a smartcard and an on-disk key are very different. In
> fact a smartcard should be considered another gpg-agent to which
> gpg-agent delegates its operation.
I understand this idea from the implementation perspective, and
On Thu, 15 Jun 2017 17:43, d...@fifthhorseman.net said:
> I believe that killing gpg-agent kills scdaemon, which de-initializes
> the smartcard on shutdown, which takes it out of authenticated mode.
Right, the smartcard is power-cycled and thus it clears all its transient
state.
> on whether
On Wed 2017-06-14 23:26:22 +0200, martin f krafft wrote:
> also sprach Teemu Likonen [2017-06-14 22:48 +0200]:
>> That's because the OpenPGP card (Yubikey) itself goes to authenticated
>> mode and doesn't require the PIN anymore.
>
> If that's the case — thanks for putting it so
also sprach Teemu Likonen [2017-06-14 22:48 +0200]:
> That's because the OpenPGP card (Yubikey) itself goes to authenticated
> mode and doesn't require the PIN anymore.
If that's the case — thanks for putting it so concisely — then why
does killing gpg-agent mean having to enter a
martin f. krafft [2017-06-14 22:13:16+02] wrote:
> While normal gpg-agent operation regarding --default-cache-ttl and
> --max-cache-ttl is exactly as documented, these values are completely
> ignored when using keys stored on a Yubikey (a GPG 2.1 compatible
> smartcard). Instead, the PIN seems to
Package: gnupg-agent
Version: 2.1.18-8
Severity: normal
File: /usr/bin/gpg-agent
Tags: security
While normal gpg-agent operation regarding --default-cache-ttl and
--max-cache-ttl is exactly as documented, these values are
completely ignored when using keys stored on a Yubikey (a GPG 2.1