[pkg-gnupg-maint] Bug#1038272: gnupg: connecting both a regular smartcard and a solokey v2 drastically increases gpg's response time

Louis-Philippe Véronneau pollo at debian.org
Fri Jun 16 23:32:54 BST 2023 

Package: gnupg
Version: 2.2.40-1.1
Severity: normal	

Dear maintainers,

I recently purchased a Solokey v2, which does not support OpenPGP (but 
does support PIV).

Although this is the case, when both my regular smartcard (a nitrokey 
start) and the Solokey v2 are plugged in, gpg seems to get "confused" 
and takes a while to answer back (almost as if it took multiple seconds 
to recognise the solokey v2 isn't supported).

This is "Not Very Nice" as it drastically increases the time it takes to 
sign git commits when both keys are plugged in :(

With both keys plugged in (my password is cached):

--------------------------------------------------------------
foo at bar:/tmp$ time gpg --sign testfile.txt

real	0m21,632s
user	0m0,006s
sys	0m0,003s
--------------------------------------------------------------

With only the smartcard plugged in:

--------------------------------------------------------------
foo at bar:/tmp$ time gpg --sign testfile.txt

real	0m0,053s
user	0m0,003s
sys	0m0,004s
--------------------------------------------------------------

The same thing happens when I try to run `gpg --edit-card`, or when 
Thunderbird (which I configured to use gpg) tries to sign an email.

I understand this behavior could be difficult to reproduce on your side, 
since the Solokey v2 isn't publicly available yet (it's in the last 
crowdfunding fulfillment steps).

Since I'm not very familiar with debugging GPG, I haven't included any 
relevant info, but I'll be glad to run whatever commands you need me to 
on my side.

Cheers,

-- 
   ⢀⣴⠾⠻⢶⣦⠀
   ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
   ⢿⡄⠘⠷⠚⠋   pollo at debian.org / veronneau.org
   ⠈⠳⣄
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE1E5457C8BAD4113.asc
Type: application/pgp-keys
Size: 4207 bytes
Desc: OpenPGP public key
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20230616/93e0aaec/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20230616/93e0aaec/attachment.sig>

More information about the pkg-gnupg-maint mailing list