PIN caching with gnupg-1.4.2-rc2 and gpg-agent 1.9.17

Joachim Breitner mail at joachim-breitner.de
Fri Jul 15 12:33:51 CEST 2005


Hi,

I just installed the newest versions of gnupg and gpg-agent.

When I sign a file with gnupg, daemon running, no scdaemon, it seems as
if gnupg asks the agent to ask me for the pin, but talks itself to the
card. When I repeat that, the agent obviously has already cached the PIN
and I don't have to enter it again. So far so good.

When I do enable scdaemon (using pcscd), signing works as well, but the
PIN does not seem to be cached: I have to enter it again.

Also, with scdaemon, there might be problems with other programs using
the smartcard, e.g. HBCI, but also libpam-poldi. Haven't investigated
that though.

A different issue: If the card is not inserted, gpg will ask to insert
the card on the prompt, expecting a keypress. This breaks usage with
e.g. evolution. IMHO, gnupg should just wait for the card to be
inserted, or for some timeout to run out, but not require user
interaction on the console. If user interaction, then via the
gpg-daemon, just like PIN entries.

I'm using it now without the scdaemon, otherwise everything seems to be
ok, 'though I have not put thorough testing in it yet.

Greetings from DebConf, Helsinki,
Joachim

-- 
Joachim "nomeata" Breitner
  mail: mail at joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C
  JID: joachimbreitner at amessage.de | http://www.joachim-breitner.de/
  Debian Developer: nomeata at debian.org
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
