[pkg-gnupg-maint] Bug#701062: scdaemon: card-timeout doesn't work
Yves-Alexis Perez
corsac at debian.org
Mon Sep 1 20:32:27 BST 2025
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Thu, 2013-02-21 at 07:55 +0100, Yves-Alexis Perez wrote:
>
> My current use case is ssh (with enable-ssh-support of gpg-agent) where
> I'd like to prevent the card to be used without my knowledge. force-sign
> on the card itself provides it for signature, not for
> decryption/authentication.
>
> card-timeout is supposed to do something like that, but it fails here
> somehow.
I'm replying to myself more than 10 years after, in case someones stumbles
upon this. When using PC/SC shared mode scdaemon won't cache the PIN and thus
require it for each operation (ssh authentication), fixing the initial issue.
To do that add to .scdaemon.conf
disable-ccid # disable internal smartcard support to use PCSC
pcsc-shared # use PCSC in shared mode
Then gpgconf --kill scdaemon.
It's not perfect, see #1113729 for drawbacks.
Regards,
- --
Yves-Alexis
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmi19MsACgkQ3rYcyPpX
RFulZggAvvMWc9vq9cVkcp6sLBQ6ynw51/vn8+jxsQAF30dag1k6N2cx1byGV1aT
gB1lnNpjB7PkT7UzfrZc9ngyrmXxB6F92I51YH/Sr5lfvBUvCp7xmyROyIOR3fyl
ZP7OKvCLRiAfUrbcIcqo7UO955tqk07FTx/bzEREbHfbCm31+3rkh026V5laEcw1
8uXl8W7BJCGp7nxSUXga2QNrRrA8E5RMAlfE/Vf8iBeDiFSEwVCZUVktJPCz6gHn
EVF24PqwpU/vmjkjs8g/LGe4vv6KGLALHFf+77zWPKU9Wwq4G2GNMlu+8YtnC53T
JA8oEHSZRcZjwHqdE2sTvoVHI02lpg==
=YRK9
-----END PGP SIGNATURE-----
More information about the pkg-gnupg-maint
mailing list