Presetting passphrases when using scdaemon

Franklin, Jason jason.franklin at
Wed Dec 11 19:00:18 CET 2019


I am trying to use the gpg-connect-agent tool to preset passphrases for
private keys that are stored on a GnuPG smart card.

My current workflow to test this process works like this:

(the "[...]" is where the passphrase should go as a hex string)

$ gpgconf --kill gpg-agent  # scdaemon also killed
$ gpg-connect-agent         # starts gpg-agent and connects
> PRESET_PASSPHRASE 73B8E934293926BA494E280D11E8B9EA2926A723 -1 [...]
> PRESET_PASSPHRASE 671CB3A7B36410552D08BABA2300C27142714DAB -1 [...]
> PRESET_PASSPHRASE 49773C7DC8414E61642B3BBAE2C8E489AAA3837B -1 [...]
> PRESET_PASSPHRASE 410D756490AA179AC5D94D3870108CC90C7A3500 -1 [...]
> /bye
$ gpg --encrypt foo  # encrypt a file
$ gpg -o foo.out -d foo.gpg  # decrypt to test access to key from card

At this point, I get a pinentry prompt.  Having preset the passphrase
already, I would have expected that the encrypt/decrypt operations would
have worked just fine without requiring me to enter my PIN.

Why am I not able to preset passphrases for keys that are stored on the
smart card?  What am I missing?

Jason Franklin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-devel mailing list