How to make GPG release the token?

Werner Koch wk at
Thu Apr 26 10:43:17 CEST 2012

On Thu, 26 Apr 2012 06:49, quannguyen at said:

> I'm using GnuPG and OpenSC to test my token. Each time I've done using
> GPG, the OpenSC cannot access the token. I have to reboot the computer
> to use OpenSC.

GnuPG requires exclusive access to the card.  The best way to work with
the card from applications with only an pkcs#11 interface is the use of
scute (apt-get install scute).  Scute provides an pkcs#11 interface on
top of the GnuPG system.

> There is a way to make the GnuPG release the token completely after use?

Yes.  Put this option into scdaemon.conf:

  --card-timeout N

  If N is not 0 and no client is actively using the card, the card will
  be powered down after N seconds.  Powering down the card avoids a
  potential risk of damaging a card when used with certain cheap
  readers.  This also allows non Scdaemon aware applications to access
  the card.  The disadvantage of using a card timeout is that accessing
  the card takes longer and that the user needs to enter the PIN again
  after the next power up.
  Note that with the current version of Scdaemon the card is powered
  down immediately at the next timer tick for any value of N other
  than 0.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list