cache-timeout not working with smartcard

Marco Steinacher marco+gnupg at websource.ch
Wed Dec 16 16:27:29 CET 2009


Hi,

I've been using gnupg with an OpenPGP smartcard for a few days now and
basically it works very well. However, one thing bothers me a bit:
Neither the cache-timeout options (gpg-agent) nor the card-timeout
option (scdaemon) seem to work. I have set all timeouts to very low
values but the PIN is still cached forever (by the card?), as long as
the card is not removed and scdaemon is running. Sending SIGHUP to
scdaemon does not work either, although the manpage suggests this.
Only killing scdaemon with SIGKILL helps. The LED on the card reader
(SCR-335) always remains on after using it for the first time. For keys
that are not on the smartcard the cache-timeout works correctly.

Another thing, which is probably connected to the cache problem, is that
I have to kill the scdaemon (with SIGKILL) after disconnecting and
reconnecting the card reader to get it working again. If I don't kill
scdaemon, gnupg complains:

gpg: selecting openpgp failed: ec=6.32848
gpg: OpenPGP card not available: general error


Any ideas to resolve this? Are these problems specific to the card
reader (SCR-335)? I think the cache-timeout/card-timeout options are crucial for
security because without them it seems that the only way to prevent the
card from being unlocked all the time is to manually remove the card or
to kill the scdaemon.

Regards,
Marco








