gpg-agent PIN cache

Joerg Schmitz-Linneweber joerg at schmitz-linneweber.de
Wed Oct 5 20:10:22 CEST 2005


Hi Werner, hi all!

I've a problem with "PIN keeping" in gpg-agent (version numbers below).
Everything works fine: I start up gpg-agent:
# eval `gpg-agent -v --enable-ssh-support --daemon \
--log-file /home/jsl/ga.log --debug-level expert --default-cache-ttl-ssh \
20000`
and I can see my "new" key on the card:
# ssh-add -l
1024 e5:f9:3c:fc:04:0e:b4:b4:75:98:72:cf:d5:df:96:cb cardno:000mynumber (RSA)

Now I can "ssh" to anywhere my pkey is registered. Good.
The first time I try to use the key, the pinentry(-qt) comes up and asks for 
the PIN.
But the problem is: The second time and from then on, pinentry comes up and asks 
for my PIN! Although I said "cache ttl for ssh should be some hours..."

Does anyone know why gpg-agent/pinentry does so?

Here is a log of two "ssh sessions":

--- snip ------------------------------------------
2005-10-05 19:51:59 gpg-agent[8885] Es wird auf Socket `/tmp/gpg-kvPjWi/S.gpg-agent' gehört
2005-10-05 19:51:59 gpg-agent[8885] Es wird auf Socket `/tmp/gpg-RXfxR6/S.gpg-agent.ssh' gehört
2005-10-05 19:52:04 gpg-agent[8886] SSH Handhabungsroutine 0x8083b88 für fd 0 gestartet
2005-10-05 19:52:04 gpg-agent[8886] ssh request handler for request_identities (11) started
2005-10-05 19:52:04 gpg-agent[8886] no running SCdaemon - starting it
2005-10-05 19:52:04 gpg-agent[8886] DBG: first connection to SCdaemon established
2005-10-05 19:52:04 gpg-agent[8886] DBG: additional connections at `/tmp/gpg-0HjfQH/S.scdaemon'
2005-10-05 19:52:05 gpg-agent[8886] ssh request handler for request_identities (11) ready
2005-10-05 19:52:05 gpg-agent[8886] ssh request handler for sign_request (13) started
2005-10-05 19:52:05 gpg-agent[8886] DBG: detected card with S/N "my number" :-)
2005-10-05 19:52:05 gpg-agent[8886] starting a new PIN Entry
2005-10-05 19:52:05 gpg-agent[8886] DBG: connection to PIN entry established
2005-10-05 19:52:06 gpg-agent[8886] SIGUSR2 received - checking smartcard status
2005-10-05 19:52:09 gpg-agent[8886] ssh request handler for sign_request (13) ready
2005-10-05 19:52:09 gpg-agent[8886] SSH Handhabungsroutine 0x8083b88 für fd 0 beendet
2005-10-05 19:52:45 gpg-agent[8886] SSH Handhabungsroutine 0x8083b88 für fd 0 gestartet
2005-10-05 19:52:45 gpg-agent[8886] ssh request handler for request_identities (11) started
2005-10-05 19:52:45 gpg-agent[8886] new connection to SCdaemon established (reusing)
2005-10-05 19:52:46 gpg-agent[8886] ssh request handler for request_identities (11) ready
2005-10-05 19:52:46 gpg-agent[8886] ssh request handler for sign_request (13) started
2005-10-05 19:52:46 gpg-agent[8886] DBG: detected card with S/N "again my number" :-)
2005-10-05 19:52:46 gpg-agent[8886] starting a new PIN Entry
2005-10-05 19:52:47 gpg-agent[8886] DBG: connection to PIN entry established
2005-10-05 19:52:50 gpg-agent[8886] ssh request handler for sign_request (13) ready
2005-10-05 19:52:51 gpg-agent[8886] SSH Handhabungsroutine 0x8083b88 für fd 0 beendet
2005-10-05 20:02:15 gpg-agent[8886] SSH Handhabungsroutine 0x8083b88 für fd 0 gestartet
2005-10-05 20:02:15 gpg-agent[8886] ssh request 1 is not supported
2005-10-05 20:02:15 gpg-agent[8886] ssh request handler for request_identities (11) started
2005-10-05 20:02:15 gpg-agent[8886] new connection to SCdaemon established (reusing)
2005-10-05 20:02:16 gpg-agent[8886] ssh request handler for request_identities (11) ready
2005-10-05 20:02:16 gpg-agent[8886] SSH Handhabungsroutine 0x8083b88 für fd 0 beendet
--- snip ------------------------------------------

Here are the versions used...

# gpg2 --version
gpg (GnuPG) 1.9.19
# scdaemon --version
scdaemon (GnuPG) 1.9.19
# gpg-agent --version
gpg-agent (GnuPG) 1.9.19
# pinentry --version
pinentry-qt (pinentry) 0.7.3-cvs
# libgcrypt-config --version
1.3.0-cvs
# libassuan-config --version
0.6.11-cvs
# pth-config --version
GNU Pth 2.0.5 (05-Oct-2005)
# ksba-config --version
0.9.12
# gpg-error-config --version
1.1

Did I miss something? ;-)

Thank you very much in advance! Salut, Jörg

-- 
gpg/pgp key # 0xd7fa4512
fingerprint 4e89 6967 9cb2 f548 a806  7e8b fcf4 2053 d7fa 4512
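
Added example, not part of the original post: a Python check that reads a gpg-agent log like the one above and reports, for each ssh sign_request, whether a PIN entry was started and how long after the previous prompt. The function names and the choice to measure cache age from the previous prompt are assumptions; the sample lines are the sign_request entries from the post's log, with one left wrapped as in the mail.

```python
import re
from datetime import datetime

# Sample: sign_request entries from the log in the post (first one left wrapped).
SAMPLE_LOG = """\
2005-10-05 19:52:05 gpg-agent[8886] ssh request handler for sign_request (13)
started
2005-10-05 19:52:05 gpg-agent[8886] starting a new PIN Entry
2005-10-05 19:52:09 gpg-agent[8886] ssh request handler for sign_request (13) ready
2005-10-05 19:52:46 gpg-agent[8886] ssh request handler for sign_request (13) started
2005-10-05 19:52:46 gpg-agent[8886] starting a new PIN Entry
2005-10-05 19:52:50 gpg-agent[8886] ssh request handler for sign_request (13) ready
"""
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) gpg-agent\[\d+\] (.*)$")

def join_wrapped(log_text):
    """Re-join mail-wrapped lines: no leading timestamp means continuation."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        if LINE_RE.match(raw) or not entries:
            entries.append(raw)
        else:
            entries[-1] += " " + raw
    return entries

def pin_prompts(log_text, ttl_seconds):
    """One dict per ssh sign_request: start time, whether pinentry was started,
    seconds since the previous prompt (assumed cache age), and inside-TTL flag."""
    results, current, last_prompt = [], None, None
    for entry in join_wrapped(log_text):
        m = LINE_RE.match(entry)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if "sign_request" in msg and msg.endswith("started"):
            current = {"start": ts, "prompted": False, "age": None, "within_ttl": False}
            results.append(current)
        elif "sign_request" in msg and msg.endswith("ready"):
            current = None
        elif current is not None and msg.startswith("starting a new PIN Entry"):
            current["prompted"] = True
            if last_prompt is not None:
                current["age"] = (ts - last_prompt).total_seconds()
                current["within_ttl"] = current["age"] < ttl_seconds
            last_prompt = ts
    return results
```

Called as `pin_prompts(SAMPLE_LOG, 20000)`, the second entry reports a prompt 41 seconds after the first, well inside the TTL given on the command line in the post.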