cache-timeout not working with smartcard

Werner Koch wk at
Wed Dec 16 19:38:47 CET 2009

On Wed, 16 Dec 2009 16:27:29 +0100, Marco Steinacher wrote:

> option (scdaemon) seem to work. I have set all timeouts to very low
> values but the PIN is still cached forever (by the card?), as long as

There is no cache for a PIN.  A card is usually unlocked after the PIN
as been given until the card is powered down.   Thus is seems that
there is a cache.

You can power down the card using the option

  @item --card-timeout @var{n}
  @opindex card-timeout
  If @var{n} is not 0 and no client is actively using the card, the card
  will be powered down after @var{n} seconds.  Powering down the card
  avoids a potential risk of damaging a card when used with certain
  cheap readers.  This also allows non Scdaemon aware applications to
  access the card.  The disadvantage of using a card timeout is that
  accessing the card takes longer and that the user needs to enter the
  PIN again after the next power up.
  Note that with the current version of Scdaemon the card is powered
  down immediately at the next timer tick for any value of @var{n} other
  than 0.
> Another thing, which is probably connected to the cache problem, is that
> I have to kill the scdaemon (with SIGKILL) after disconnecting and

Better use "gpgconf --reload scdaemon".

I know about this probelm and it is really very annoying if you use
one of these ID-000 USB reader sticks becuase with them you don't
remove the card but the reader.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list