gpg-agent unable to see yubikey until manually re-running `gpg --card-status`

Lance R. Vick lance at lrvick.net
Wed Jun 17 11:41:35 CEST 2015


"scd apdu 00 f1 00 00" is just a way to return a version number from a
Yubikey GPG smartcard. Any other GPG commands fail as well, such as
sign/encrypt/auth, until 'gpg --card-status' is run to wake the card back
up.

I would expect that when I perform a gpg command, it should query
gpg-agent, which sees the stub of my key, then starts up/refreshes
scdaemon/gpg-agent as needed, detects card, executes my action against the
card. This works on a first insertion as-is, just not on a
removal/re-insertion.

Is there no way for a running gpg-agent to check for smartcard presence on
the fly?


On Wed, Jun 17, 2015 at 4:55 AM, NIIBE Yutaka <gniibe at fsij.org> wrote:

> Hello,
>
> On 06/17/2015 07:41 AM, Lance R. Vick wrote:
> > Every time I insert my yubikey into a system I must do 'gpg
> > --card-status' to make gpg-agent aware it exists again.
>
> Please pardon my ignorance, I don't have a Yubikey at hand.
>
> Is the following a common use case of Yubikey?
>
> > Using: gpg/gpg-agent 2.1.4
> >
> > Expected Results:
> >
> > 1. Insert yubikey
> > 2. Issue version command to gpg agent
> > 3. Version is reported
> > 4. Remove and re-insert key
> > 5. Issue version command to gpg agent
> > 6. version is reported
>
> And... is the following to get the version of the Yubikey?
>
> > [lrvick at tsar ~]$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
> > D[0000]  01 00 08 90 00                                     .....
> > OK
>
> Yes, it only works after gpg --card-status or something.
>
> In the current implementation, gpg-agent invokes scdaemon on demand.
> (gpg-agent doesn't detect insertion of device or card.)
>
> I don't understand from where "scd apdu 00 f1 00 00" came.
>
> Could you please share the reason why you consider it works well?
> --
>



-- 
Lance R. Vick
__________________________________________________
Cell      -  407.283.7596
Gtalk     -  lance at lrvick.net
Website   -  http://lrvick.net
PGP Key   -  http://lrvick.net/0x36C8AAA9.asc
keyserver -  subkeys.pgp.net
__________________________________________________
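
The workaround described in this message, wrapped so that `gpg --card-status` runs only when the probe from the thread fails (an added example, not part of the original message or of GnuPG; `card_visible`, `ensure_card` and the two override variables are names assumed here):

```shell
#!/bin/sh
# Added example, not from the thread. GPG and GPG_CONNECT_AGENT are
# overridable variables (an assumption of this sketch) so stubs can be used.
GPG=${GPG:-gpg}
GPG_CONNECT_AGENT=${GPG_CONNECT_AGENT:-gpg-connect-agent}

# Succeeds when the running agent's scdaemon can reach the card, using the
# version APDU quoted in the thread as the probe. The reply text is parsed
# rather than trusting the exit status: a usable card ends the reply with OK,
# anything else (for example an ERR line) counts as "not visible".
card_visible() {
    reply=$("$GPG_CONNECT_AGENT" --hex "scd apdu 00 f1 00 00" /bye 2>/dev/null) || return 1
    [ "$(printf '%s\n' "$reply" | tail -n 1)" = "OK" ]
}

# Prints one of: ready (card already visible), woken (visible only after
# `gpg --card-status`), absent (still not visible). Returns 1 for absent.
ensure_card() {
    if card_visible; then
        echo ready
        return 0
    fi
    # The workaround from the thread: the poster reports that running
    # --card-status wakes the card back up after a removal/re-insertion.
    "$GPG" --card-status >/dev/null 2>&1 || true
    if card_visible; then
        echo woken
        return 0
    fi
    echo absent
    return 1
}
```

Calling `ensure_card` before a sign, encrypt or auth operation separates a card that only needed waking from one that is not inserted at all.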