Do smartcards stay unlocked forever by design?

Grant Olson kgo at
Mon Jan 17 22:03:03 CET 2011

Hey all,

I've been using a smartcard for several months now.  It's a cryptostick
if the model is important.  Every time I sign something, it asks me for
my pin.  But once the card is unlocked, ssh authentication and
decryption seem to happen forever, regardless of any ttl-cache settings
in gpg-agent.conf.  I just want to make sure I understand the semantics

It seems:

1) Once I enter my pin, the card is unlocked as long as it's connected.

2) I get prompted when making a signature because the sig counter gets
incremented, and that's a write operation to the card.  Decrypting and
authenticating don't prompt because the operations don't write to the card.

3) The proper way to 'lock' the card is to remove it from the reader.

Is this correct?


"I am gravely disappointed. Again you have made me unleash my dogs of war."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 559 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110117/7aad963d/attachment-0001.pgp>

More information about the Gnupg-users mailing list