Presetting passphrases when using scdaemon
jason.franklin at quoininc.com
Wed Dec 11 19:00:18 CET 2019
I am trying to use the gpg-connect-agent tool to preset passphrases for
private keys that are stored on a GnuPG smart card.
My current workflow to test this process works like this:
(the "[...]" is where the passphrase should go as a hex string)
$ gpgconf --kill gpg-agent # scdaemon also killed
$ gpg-connect-agent # starts gpg-agent and connects
> PRESET_PASSPHRASE 73B8E934293926BA494E280D11E8B9EA2926A723 -1 [...]
> PRESET_PASSPHRASE 671CB3A7B36410552D08BABA2300C27142714DAB -1 [...]
> PRESET_PASSPHRASE 49773C7DC8414E61642B3BBAE2C8E489AAA3837B -1 [...]
> PRESET_PASSPHRASE 410D756490AA179AC5D94D3870108CC90C7A3500 -1 [...]
$ gpg --encrypt foo # encrypt a file
$ gpg -o foo.out -d foo.gpg # decrypt to test access to key from card
At this point, I get a pinentry prompt. Having preset the passphrase
already, I would have expected that the encrypt/decrypt operations would
have worked just fine without requiring me to enter my PIN.
Why am I not able to preset passphrases for keys that are stored on the
smart card? What am I missing?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 659 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel