Problems loading an authentication key from a USB Crypto-Stick

Todd A. Jacobs at
Sat Mar 3 22:16:14 CET 2012

On Sun, Feb 26, 2012 at 11:50 AM, Todd A. Jacobs wrote:

> # Prompts twice for password to clearsign.
> echo foo | gpg --clearsign; echo foo | gpg --clearsign
> So, the keychain problem seems to be resolved, in that gpg-agent is now
> reading the SSH authentication key off the CryptoStick and handing it off
> to ssh-agent, but gpg-agent is still not caching passphrases for signing
> activities, which seems rather critical to its usefulness. :)

This problem was actually being caused by settings on the smartcard itself.
The "Signature PIN" of a new CryptoStick (and the OpenPGP smartcards in
general) seems to default to a forced PIN entry on signing, which prevents
the gpg-agent from cached authentication of signature tasks.

So, to fix this:

gpg2 --card-edit -> admin -> forcesig

and then make sure that:

gpg2 --card-status | egrep '^Signature PIN.*not forced$'

is true. Hope that helps someone else out, too!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120303/2a75a426/attachment.htm>

More information about the Gnupg-users mailing list