Detecting and flushing cached pin in gpg-agent from gpgme
wk at gnupg.org
Mon Jul 4 12:37:00 CEST 2016
On Mon, 4 Jul 2016 12:02, joakim.lundborg at gmail.com said:
> Now I would like to improve my app by giving the user an indication of
> whether or not the password for the gpg key used for encrypting the
> passwords is currently cached in gpg-agent. I also would like to flush
That can only be an estimation but it is possible:
gpg-connect-agent 'help keyinfo' /bye
which outputs a line
# KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr>
# CACHED is 1 if the passphrase for the key was found in the key cache.
# If not, a '-' is used instead.
> I couldn't find APIs for this in gpgme or in gpg, unless I'm missing
You can directly connect to gpg-agent. Use gpa/src/cardman.c as an
  /* Fragment from gpa/src/cardman.c: create a gpgme context and switch it
     to the Assuan protocol, which talks to gpg-agent directly. */
  err = gpgme_new (&cardman->gpgagent);
  err = gpgme_set_protocol (cardman->gpgagent, GPGME_PROTOCOL_ASSUAN);
  if (gpg_err_code (err) == GPG_ERR_INV_VALUE)
    {
      gpa_window_error (_("The GPGME library is too old to "
                          "support smartcards."), NULL);
      gpgme_release (cardman->gpgagent);
      cardman->gpgagent = NULL;
    }
You run commands this way:
  /* "SCD " routes the command to scdaemon; operr receives the agent's own error. */
  if (!gpgme_op_assuan_transact_ext (cardman->gpgagent, "SCD RESTART",
                                     NULL, NULL, NULL, NULL,
                                     NULL, NULL, &operr)
      && !operr)
    ;  /* both the transport and the agent reported success */
In this example the gpg-agent is asked to send scdaemon a restart
command. Unfortunately we do not have documentation for this API, thus
I can for now only refer to gpa as an example and to the code
of gpgme (gpgme/src/opassuan.c).
> something. For flushing, it seems to be possible to send HUP
> signals to the gpg-agent process, but this seems a bit brutal, and is
> also reported to not work
I use it all the time. Either pkill -1 gpg-agent or the platform
independent "gpgconf --reload gpg-agent". The latter does a
gpg-connect-agent --no-autostart RELOADAGENT </dev/null
> echo RELOADAGENT | gpg-connect-agent
gpg-connect-agent RELOADAGENT /bye
or use it interactively. The normal mode is to run the commands given on
the command line and then fall into interactive mode; the /bye avoids
the fallback to interactive mode.
You may also use
to directly connect to the dirmngr in the same way gpg does it. To
access scdaemon you should go via gpg-agent by prefixing the scdaemon
command with "SCD " (you may also use lowercase command names).
All Assuan servers support "HELP" to list all commands and for most
commands you can do "HELP commandname".
Thoughts are free. Exceptions are governed by a federal law.
/* Join us at OpenPGP.conf <https://openpgp-conf.org> */
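As an added example (my code, not from the post above, from gpa or from GnuPG): a small C parser for the KEYINFO status lines that gpg-connect-agent prints, answering the original question of whether the passphrase for a given keygrip is currently cached. It assumes the response text was captured from `gpg-connect-agent 'keyinfo --list' /bye` (or fed line by line from the gpgme Assuan status callback); the response and keygrips embedded here are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of what `gpg-connect-agent 'keyinfo --list' /bye`
   prints: one "S KEYINFO ..." status line per key known to the agent,
   then "OK".  Field 5 (<cached>) is "1" when the passphrase is in the
   cache and "-" otherwise.  Both keygrips here are made up. */
static const char sample_response[] =
  "S KEYINFO 0F6DB3E1E7E5F7C3E2D8B5A4F6C3B9D1E0A7C5F3 D - - 1 P -\n"
  "S KEYINFO 7A1C2B3D4E5F60718293A4B5C6D7E8F901234567 D - - - P -\n"
  "OK\n";

/* Scan an Assuan response for KEYINFO status lines and report the cache
   state of one keygrip: 1 = cached, 0 = not cached, -1 = not listed or
   an ERR reply.  As the post says this is only an estimate: the entry
   can expire or be flushed between this query and the real operation. */
static int keygrip_cached (const char *response, const char *keygrip)
{
  const char *line = response;
  int result = -1;
  while (*line)
    {
      const char *eol = strchr (line, '\n');
      size_t len = eol ? (size_t) (eol - line) : strlen (line);
      char buf[512], grip[64], type[16], serialno[64], idstr[128], cached[16];
      if (len >= sizeof buf)
        len = sizeof buf - 1;
      memcpy (buf, line, len);
      buf[len] = '\0';
      if (!strncmp (buf, "ERR ", 4))
        return -1;   /* e.g. "KEYINFO <grip>" for a key the agent does not know */
      if (sscanf (buf, "S KEYINFO %63s %15s %63s %127s %15s",
                  grip, type, serialno, idstr, cached) == 5
          && !strcmp (grip, keygrip))
        result = strcmp (cached, "1") ? 0 : 1;
      if (!eol)
        break;
      line = eol + 1;
    }
  return result;
}

int main (void)
{
  const char *grip = "0F6DB3E1E7E5F7C3E2D8B5A4F6C3B9D1E0A7C5F3";
  printf ("passphrase for %s cached: %d\n", grip,
          keygrip_cached (sample_response, grip));
  return 0;
}
```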
More information about the Gnupg-devel