Smartcard Hotplug?

Marc Mercer mmercer at twinprime.com
Tue Nov 3 23:06:10 CET 2015


GPG Developers,
Hello.  I am hoping one of you might be able to provide some insight into
an issue I am having.  First, I will admit that I know this is not normally
where I would hope to find assistance, and that I should try the
gnupg-users list.  I have, and have not received any response there, or had
any luck in the freenode IRC room other than to direct me here.

Second, I appreciate any possible insight or ideas that may result from
this.

--
OSX:
We use gpg-agent with smartcards to establish ssh connections, so of
course,  --enable-ssh-support is being used.  In OSX, the behavior is as I
expect... plug the card in, the agent loads the SC data, caches the *pin*
after you have entered it, etc.  When you unplug, it removes the cached
data, and of course also loses access to the SC itself, so no more secure
key.  Now, plug it back in, and the agent is able to reload the key data
(not the pin of course).  This is how I *expect* it to work.

Fedora/Other Linuxes:
When we use the same setup as above, we get similar results, but with one
major difference.  On the linux distributions, I have been forced to kill
the gpg-agent and restart it to force the agent to reload the "replugged"
card.  Everything else works, except the "hotplug" support.

I have been unable to find any setting or any information about what to do
regarding the hotplug support, it isn't documented anywhere, and I can't
seem to find a flag to pass in gpg-agent.conf or to the cli...

Any insight into how to fix this issue on the linux distributions (even if
I have to work with the packaging team for fedora, and submit bugs to
ubuntu to package with the proper one) would be greatly appreciated.

Additional info:
GPG on OSX:  GPG2-2.0.29
GPG on Fedora: GPG2-2.19
GPG on Ubuntu: GPG2-2.0.22

Thanks!

Marc Mercer | *DevOps Architect*
M: (408) 470 - 9256 | E: mmercer at twinprime.com
805 Veterans Blvd, Redwood City CA 94063 | http://www.twinprime.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20151103/4a00d82e/attachment.html>


More information about the Gnupg-devel mailing list