cache-timeout not working with smartcard
Werner Koch
wk at gnupg.org
Wed Dec 16 19:38:47 CET 2009
On Wed, 16 Dec 2009 16:27:29 +0100, Marco Steinacher wrote:
> option (scdaemon) seem to work. I have set all timeouts to very low
> values but the PIN is still cached forever (by the card?), as long as
There is no cache for a PIN. A card is usually unlocked after the PIN
as been given until the card is powered down. Thus is seems that
there is a cache.
You can power down the card using the option
@item --card-timeout @var{n}
@opindex card-timeout
If @var{n} is not 0 and no client is actively using the card, the card
will be powered down after @var{n} seconds. Powering down the card
avoids a potential risk of damaging a card when used with certain
cheap readers. This also allows non Scdaemon aware applications to
access the card. The disadvantage of using a card timeout is that
accessing the card takes longer and that the user needs to enter the
PIN again after the next power up.
Note that with the current version of Scdaemon the card is powered
down immediately at the next timer tick for any value of @var{n} other
than 0.
> Another thing, which is probably connected to the cache problem, is that
> I have to kill the scdaemon (with SIGKILL) after disconnecting and
Better use "gpgconf --reload scdaemon".
I know about this probelm and it is really very annoying if you use
one of these ID-000 USB reader sticks becuase with them you don't
remove the card but the reader.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list