[pkg-gnupg-maint] Bug#864788: cache TTL values ignored for smartcard PINs

Teemu Likonen tlikonen at iki.fi
Wed Jun 14 20:48:19 UTC 2017


martin f. krafft [2017-06-14 22:13:16+02] wrote:

> While normal gpg-agent operation regarding --default-cache-ttl and
> --max-cache-ttl is exactly as documented, these values are completely
> ignored when using keys stored on a Yubikey (a GPG 2.1 compatible
> smartcard). Instead, the PIN seems to be cached forever, including
> across system suspends.

That's because the OpenPGP card (Yubikey) itself goes into authenticated
mode and doesn't require the PIN anymore. The PIN is not cached at all in
gpg-agent so its config TTL values don't work. NIIBE Yutaka explains it
a bit here:

https://lists.gnupg.org/pipermail/gnupg-users/2017-April/058069.html

-- 
/// Teemu Likonen   - .-..   <https://keybase.io/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///