Presetting passphrases when using scdaemon
Franklin, Jason
jason.franklin at quoininc.com
Wed Dec 11 19:00:18 CET 2019
Greetings,
I am trying to use the gpg-connect-agent tool to preset passphrases for
private keys that are stored on a GnuPG smart card.
My current workflow to test this process works like this:
(the "[...]" is where the passphrase should go as a hex string)
$ gpgconf --kill gpg-agent # scdaemon also killed
$ gpg-connect-agent # starts gpg-agent and connects
> PRESET_PASSPHRASE 73B8E934293926BA494E280D11E8B9EA2926A723 -1 [...]
OK
> PRESET_PASSPHRASE 671CB3A7B36410552D08BABA2300C27142714DAB -1 [...]
OK
> PRESET_PASSPHRASE 49773C7DC8414E61642B3BBAE2C8E489AAA3837B -1 [...]
OK
> PRESET_PASSPHRASE 410D756490AA179AC5D94D3870108CC90C7A3500 -1 [...]
OK
> /bye
$ gpg --encrypt foo # encrypt a file
$ gpg -o foo.out -d foo.gpg # decrypt to test access to key from card
At this point, I get a pinentry prompt. Having preset the passphrase
already, I would have expected that the encrypt/decrypt operations would
have worked just fine without requiring me to enter my PIN.
Why am I not able to preset passphrases for keys that are stored on the
smart card? What am I missing?
--
Jason Franklin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20191211/2ea59a19/attachment.sig>
More information about the Gnupg-devel
mailing list