Re: Checking multiple smart cards before asking for one
On Dienstag, 12. Mai 2020 10:56:19 CEST Valentin Ochs wrote: > Hi there, > > I have two smart cards, a regular card that I plug into the builtin reader > of my laptop and a yubikey, that have two different keys on them. I store > some passwords in a file that is encrypted with both keys. > > When I try to access the passwords, pinentry will always ask me to insert > the yubikey first, even if the other card is already inserted. > > Is there a way to define the order this is checked per machine (the laptop > will usually use the card reader, other machines the yubikey), or to force > gpg to check for all cards before asking me to provide one? I'm up for > trying to patch this myself, if somebody will point me in a rough direction Maybe you should optimize for what appears to be your usual scenario (laptop + card reader versus other machines + yubikey) and simply remove the yubikey key from the laptop and the card reader key from the other machines. If gpg only knows about one of the two keys, then it shouldn't ask for the wrong key. If you ever want to use the yubikey on the laptop, then you can simply (re-)import the yubikey key on the laptop. The downside is that this will make synchronization of ~/.gnupg between your laptop and the other machines more difficult. But then you really only need a single key per machine for decrypting your passwords, i.e. you could use dedicated GNUPG_HOMEs just for the encryption keys. Regards, Ingo ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Checking multiple smart cards before asking for one
Wiktor Kwapisiewicz [2020-05-12 14:08] wrote: > Hi Valentin, > > I believe this will work seamlessly in GnuPG 2.3. > > You can track this ticket: https://dev.gnupg.org/T4695 Hi Wiktor, thanks for the reply. That issue is indeed what initially prompted me to make a second key for the second card, but seems a bit different from my current use case - I have two completely different keys, but two card readers. Do you think that with that ticket resolved it will allow me to have either key available? Cheers, Valentin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Checking multiple smart cards before asking for one
Hi Valentin, I believe this will work seamlessly in GnuPG 2.3. You can track this ticket: https://dev.gnupg.org/T4695 Kind regards, Wiktor -- https://metacode.biz/@wiktor ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Checking multiple smart cards before asking for one
Hi there, I have two smart cards, a regular card that I plug into the builtin reader of my laptop and a yubikey, that have two different keys on them. I store some passwords in a file that is encrypted with both keys. When I try to access the passwords, pinentry will always ask me to insert the yubikey first, even if the other card is already inserted. Is there a way to define the order this is checked per machine (the laptop will usually use the card reader, other machines the yubikey), or to force gpg to check for all cards before asking me to provide one? I'm up for trying to patch this myself, if somebody will point me in a rough direction :) Cheers, Valentin ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users