gpg-agent unable to see yubikey until manually re-running `gpg --card-status`
Lance R. Vick
lance at lrvick.net
Wed Jun 17 11:41:35 CEST 2015
"scd apdu 00 f1 00 00" is just a way to return a version number from a
Yubikey GPG smartcard. Any other GPG commands fail as well, such as
sign/encrypt/auth, until 'gpg --card-status' is run to wake the card back
up.
I would expect that when I perform a gpg command, it should query
gpg-agent, which sees the stub of my key, then starts up/refreshes
scdaemon/gpg-agent as needed, detects card, executes my action against the
card. This works on a first insertion as-is, just not on a
removal/re-insertion.
Is there no way for a running gpg-agent to check for smartcard presence on
the fly?
On Wed, Jun 17, 2015 at 4:55 AM, NIIBE Yutaka <gniibe at fsij.org> wrote:
> Hello,
>
> On 06/17/2015 07:41 AM, Lance R. Vick wrote:
> > Every time I insert my yubikey into a system I must do 'gpg
> > --card-status' to make gpg-agent aware it exists again.
>
> Please pardon my ignorance, I don't have a Yubikey at hand.
>
> Is the following a common use case of Yubikey?
>
> > Using: gpg/gpg-agent 2.1.4
> >
> > Expected Results:
> >
> > 1. Insert yubikey
> > 2. Issue version command to gpg agent
> > 3. Version is reported
> > 4. Remove and re-insert key
> > 5. Issue version command to gpg agent
> > 6. version is reported
>
> And... is the following to get the version of Yubikey?
>
> > [lrvick at tsar ~]$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
> > D[0000] 01 00 08 90 00 .....
> > OK
>
> Yes, it only works after gpg --card-status or something.
>
> In the current implementation, gpg-agent invokes scdaemon on demand.
> (gpg-agent doesn't detect insertion of device or card.)
>
> I don't understand from where "scd apdu 00 f1 00 00" came.
>
> Could you please share the reason why you consider it works well?
> --
>
--
Lance R. Vick
__________________________________________________
Cell - 407.283.7596
Gtalk - lance at lrvick.net
Website - http://lrvick.net
PGP Key - http://lrvick.net/0x36C8AAA9.asc
keyserver - subkeys.pgp.net
__________________________________________________
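
The workaround described in this thread, written as a shell wrapper (an added example, not code from either poster or from GnuPG): it parses the `gpg-connect-agent --hex` reply, treats the ISO 7816 status word `9000` as "card reachable", and otherwise runs `gpg --card-status` once before retrying. The function names `apdu_status` and `ensure_card` are hypothetical, and the layout of the `D[...]` lines is assumed from the output quoted above.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical.

# apdu_status: read `gpg-connect-agent --hex` output on stdin and print
# "<data-hex> <status-word>". Fails on an ERR line or on a reply shorter
# than the two status-word bytes, i.e. when scdaemon did not reach the card.
apdu_status() {
  local line bytes="" i n
  local -a toks
  while IFS= read -r line; do
    case "$line" in
      ERR*) return 1 ;;
      D\[*)
        # Assumption: the last token of a D line is the ASCII column, so
        # only the tokens before it are candidate hex bytes (max 16/line).
        read -ra toks <<< "${line#*]}"
        n=$(( ${#toks[@]} - 1 ))
        for ((i = 0; i < n && i < 16; i++)); do
          [[ ${toks[i]} =~ ^[0-9A-Fa-f]{2}$ ]] || break
          bytes+="${toks[i]}"
        done ;;
    esac
  done
  [ "${#bytes}" -ge 4 ] || return 1
  printf '%s %s\n' "${bytes:0:${#bytes}-4}" "${bytes: -4}"
}

# ensure_card: send the version APDU from the thread; if the status word is
# not 9000, run `gpg --card-status` once (the manual step described above)
# and try again. Returns 0 only when the card answered.
ensure_card() {
  local query='scd apdu 00 f1 00 00' out attempt
  for attempt in 1 2; do
    out=$(gpg-connect-agent --hex "$query" /bye 2>/dev/null | apdu_status) || out=""
    if [ "${out##* }" = "9000" ]; then return 0; fi
    if [ "$attempt" = 1 ]; then gpg --card-status >/dev/null 2>&1 || true; fi
  done
  return 1
}

# Constructed transcript matching the reply quoted in the thread.
sample=$'D[0000] 01 00 08 90 00 .....\nOK'
apdu_status <<< "$sample"   # prints "010008 9000"
```

Calling `ensure_card && gpg --sign file` from a script makes the card check explicit instead of relying on a prior interactive `gpg --card-status`.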