gpg-agent unable to see yubikey until manually re-running `gpg --card-status`
Lance R. Vick
lance at lrvick.net
Wed Jun 17 11:41:35 CEST 2015
"scd apdu 00 f1 00 00" is just a way to return a version number from a
Yubikey GPG smartcard. Any other GPG commands fail as well, such as
sign/encrypt/auth, until 'gpg --card-status' is run to wake the card back
I would expect that when I perform a gpg command, it should query
gpg-agent, which sees the stub of my key, then starts up/refreshes
scdaemon/gpg-agent as needed, detects card, executes my action against the
card.This works on a first insertion as-is, just not on a
Is there no way for a running gpg-agent to check for smartcard presence on
On Wed, Jun 17, 2015 at 4:55 AM, NIIBE Yutaka <gniibe at fsij.org> wrote:
> On 06/17/2015 07:41 AM, Lance R. Vick wrote:
> > Every time I insert my yubikey into a system I must do 'gpg
> > --card-status' to make gpg-agent aware it exists again.
> Please pardon my ignorance, I don't have Yubikey at hand.
> Is the following common use cases of Yubikey?
> > Using: gpg/gpg-agent 2.1.4
> > Expected Results:
> > 1. Insert yubikey
> > 2. Issue version command to gpg agent
> > 3. Version is reported
> > 4. Remove and re-insert key
> > 5. Issue version command to gpg agent
> > 6. version is reported
> And... is the following to get version of Yubikey?
> > [lrvick at tsar ~]$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
> > D 01 00 08 90 00 .....
> > OK
> Yes, it only works after gpg --card-status or something.
> In the current implementation, gpg-agent invokes scdaemon on demand.
> (gpg-agent doesn't detect insertion of device or card.)
> I don't understand from where "scd apdu 00 f1 00 00" came.
> Could you please share the reason why you consider it works well?
Lance R. Vick
Cell - 407.283.7596
Gtalk - lance at lrvick.net
Website - http://lrvick.net
PGP Key - http://lrvick.net/0x36C8AAA9.asc
keyserver - subkeys.pgp.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users