[pkg-gnupg-maint] Bug#864788: Bug#864788: cache TTL values ignored for smartcard PINs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jun 15 15:43:06 UTC 2017


On Wed 2017-06-14 23:26:22 +0200, martin f krafft wrote:
> also sprach Teemu Likonen <tlikonen at iki.fi> [2017-06-14 22:48 +0200]:
>> That's because the OpenPGP card (Yubikey) itself goes to authenticated
>> mode and doesn't require the PIN anymore.
>
> If that's the case — thanks for putting it so concisely — then why
> does killing gpg-agent mean having to enter a PIN the next time
> around? 

I believe that killing gpg-agent kills scdaemon, which de-initializes
the smartcard on shutdown, which takes it out of authenticated mode.

I suppose that scdaemon could be taught to de-initialize the smartcard
after expiration of the ttl, though.  maybe gniibe (cc'ed) could comment
on whether that's feasible or not.  it would be nice to have the
semantics of the cache ttl be the same, regardless of whether a key is
stored on a smartcard or not.

       --dkg