Problems loading an authentication key from a USB Crypto-Stick
Todd A. Jacobs
codegnome.consulting+gnupg.org at gmail.com
Sat Mar 3 22:16:14 CET 2012
On Sun, Feb 26, 2012 at 11:50 AM, Todd A. Jacobs wrote:
>
> # Prompts twice for password to clearsign.
> echo foo | gpg --clearsign; echo foo | gpg --clearsign
>
> So, the keychain problem seems to be resolved, in that gpg-agent is now
> reading the SSH authentication key off the CryptoStick and handing it off
> to ssh-agent, but gpg-agent is still not caching passphrases for signing
> activities, which seems rather critical to its usefulness. :)
>
This problem was actually being caused by settings on the smartcard itself.
The "Signature PIN" of a new CryptoStick (and the OpenPGP smartcards in
general) seems to default to a forced PIN entry on signing, which prevents
the gpg-agent from cached authentication of signature tasks.
So, to fix this:
gpg2 --card-edit -> admin -> forcesig
and then make sure that:
gpg2 --card-status | egrep '^Signature PIN.*not forced$'
is true. Hope that helps someone else out, too!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120303/2a75a426/attachment.htm>
More information about the Gnupg-users
mailing list