How to make GPG release the token?
Werner Koch
wk at gnupg.org
Thu Apr 26 10:43:17 CEST 2012
On Thu, 26 Apr 2012 06:49, quannguyen at mbm.vn said:
> I'm using GnuPG and OpenSC to test my token. Each time I've done using
> GPG, the OpenSC cannot access the token. I have to reboot the computer
> to use OpenSC.
GnuPG requires exclusive access to the card. The best way to work with
the card from applications with only an pkcs#11 interface is the use of
scute (apt-get install scute). Scute provides an pkcs#11 interface on
top of the GnuPG system.
> There is a way to make the GnuPG release the token completely after use?
Yes. Put this option into scdaemon.conf:
--card-timeout N
If N is not 0 and no client is actively using the card, the card will
be powered down after N seconds. Powering down the card avoids a
potential risk of damaging a card when used with certain cheap
readers. This also allows non Scdaemon aware applications to access
the card. The disadvantage of using a card timeout is that accessing
the card takes longer and that the user needs to enter the PIN again
after the next power up.
Note that with the current version of Scdaemon the card is powered
down immediately at the next timer tick for any value of N other
than 0.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list