gpg-agent unable to see yubikey until manually re-running `gpg --card-status`
NIIBE Yutaka
gniibe at fsij.org
Wed Jun 17 13:36:21 CEST 2015
On 06/17/2015 06:41 PM, Lance R. Vick wrote:
> "scd apdu 00 f1 00 00" is just a way to return a version number from
> a Yubikey GPG smartcard.
Thank you for the clarification. In that case, I think that adding
"learn" works. Like:
$ gpg-connect-agent --hex "learn" "scd apdu 00 f1 00 00" /bye
The "learn" command is something equivalent to "gpg --card-status"
internally.
> Any other GPG commands fail as well, such as sign/encrypt/auth,
> until 'gpg --card-status' is run to wake the card back up.
I think you mean any direct commands of gpg-agent. Or there is some
confusion.
Gpg frontend certainly works well for --sign, --decrypt after you
remove your token and insert it again. Please try:
(1) Insert token
(2) Run "gpg --card-status"
(3) Remove token
(4) Run "gpg --sign" or "gpg --decrypt"
SSH authentication also works well after removal/insertion.
Note that it all works for me with Gnuk Token or OpenPGPcard with a
card reader.
> I would expect that when I perform a gpg command, it should query
> gpg-agent, which sees the stub of my key, then starts up/refreshes
> scdaemon/gpg-agent as needed, detects card, executes my action
> against the card.
Yes, it does.
> Is there no way for a running gpg-agent to check for smartcard
> presence on the fly?
You can use the "learn" command. It fails if there's no smartcard/token.
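
Added example (not part of the original message, and not GnuPG project code): a presence check built on the "learn" command above. It parses the Assuan reply lines instead of trusting the exit status, on the assumption that gpg-connect-agent's exit status may not reflect an ERR reply; the function names are hypothetical.

```sh
#!/bin/sh
# Classify an Assuan transcript (as printed by gpg-connect-agent) read on
# stdin. Prints "err" if any command answered ERR, "ok" if at least one
# answered OK and none answered ERR, "unknown" if neither was seen.
# Status ("S ...") and data ("D ...") lines are ignored.
assuan_status() {
    result=unknown
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "ERR "*)   result=err ;;                      # sticky failure
            OK|"OK "*) [ "$result" = err ] || result=ok ;;
        esac
    done
    printf '%s\n' "$result"
}

# Ask the running gpg-agent whether a card/token is present.
# Returns 0 if "learn" succeeded, 1 if it failed (no card/token),
# 2 if gpg-connect-agent itself could not be run or could not connect.
card_present() {
    reply=$(gpg-connect-agent "learn" /bye 2>&1) || return 2
    [ "$(printf '%s\n' "$reply" | assuan_status)" = ok ]
}

# Constructed sample replies (not captured from a real session):
#   card present:  S SERIALNO CONSTRUCTED0000
#                  OK
#   card absent:   ERR 100696144 No such device <SCD>
```

A login or SSH wrapper script can call card_present and prompt for the token to be inserted before invoking gpg-agent directly.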