Bug#864788: [pkg-gnupg-maint] Bug#864788: Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-29 Thread martin f krafft
also sprach martin f krafft [2017-06-16 20:26 +0200]:
> I tried card-timeout 5 just now and even after 10 seconds, I can
> sign messages without a PIN just fine… multiple times. So either
> I am doing it wrong or it's doing it wrong ;)

For the record, I've now had

Bug#864788: [pkg-gnupg-maint] Bug#864788: Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-16 Thread martin f krafft
also sprach Werner Koch [2017-06-15 21:40 +0200]:
> A workaround is to force a reset of the card by putting
>
>   card-timeout N
>
> in scdaemon.conf which shuts down the card after N seconds. Well, as of
> now N is just a binary flag to tell scdaemon to shut down the card at the

Bug#864788: [pkg-gnupg-maint] Bug#864788: Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-16 Thread martin f krafft
also sprach Daniel Kahn Gillmor [2017-06-16 02:44 +0200]:
> Does it make sense to keep this architectural parallel clean, when it
> makes the user's mental model more complex? or would it make sense to
> try to map the simpler mental model to the underlying architecture,

Bug#864788: [pkg-gnupg-maint] Bug#864788: Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-15 Thread Daniel Kahn Gillmor
On Thu 2017-06-15 21:40:28 +0200, Werner Koch wrote:
> The properties of a smartcard and an on-disk key are very different. In
> fact a smartcard should be considered another gpg-agent to which
> gpg-agent delegates its operation.

I understand this idea from the implementation perspective, and

Bug#864788: [pkg-gnupg-maint] Bug#864788: Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-15 Thread Werner Koch
On Thu, 15 Jun 2017 17:43, d...@fifthhorseman.net said:
> I believe that killing gpg-agent kills scdaemon, which de-initializes
> the smartcard on shutdown, which takes it out of authenticated mode.

Right, the smartcard is power-cycled and thus it clears all its transient state.

> on whether

Bug#864788: [pkg-gnupg-maint] Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-15 Thread Daniel Kahn Gillmor
On Wed 2017-06-14 23:26:22 +0200, martin f krafft wrote:
> also sprach Teemu Likonen [2017-06-14 22:48 +0200]:
>> That's because the OpenPGP card (Yubikey) itself goes to authenticated
>> mode and doesn't require the PIN anymore.
>
> If that's the case — thanks for putting it so

Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-14 Thread martin f krafft
also sprach Teemu Likonen [2017-06-14 22:48 +0200]:
> That's because the OpenPGP card (Yubikey) itself goes to authenticated
> mode and doesn't require the PIN anymore.

If that's the case — thanks for putting it so concisely — then why does killing gpg-agent mean having to enter a

Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-14 Thread Teemu Likonen
martin f. krafft [2017-06-14 22:13:16+02] wrote:
> While normal gpg-agent operation regarding --default-cache-ttl and
> --max-cache-ttl is exactly as documented, these values are completely
> ignored when using keys stored on a Yubikey (a GPG 2.1 compatible
> smartcard). Instead, the PIN seems to

Bug#864788: cache TTL values ignored for smartcard PINs

2017-06-14 Thread martin f krafft
Package: gnupg-agent
Version: 2.1.18-8
Severity: normal
File: /usr/bin/gpg-agent
Tags: security

While normal gpg-agent operation regarding --default-cache-ttl and --max-cache-ttl is exactly as documented, these values are completely ignored when using keys stored on a Yubikey (a GPG 2.1