gpg-agent unable to see yubikey until manually re-running `gpg --card-status`

NIIBE Yutaka gniibe at fsij.org
Wed Jun 17 13:36:21 CEST 2015


On 06/17/2015 06:41 PM, Lance R. Vick wrote:
> "scd apdu 00 f1 00 00" is just a way to return a version number from
> a Yubikey GPG smartcard.

Thank you for the clarification.  In that case, I think that adding
"learn" works.  Like:

  $ gpg-connect-agent --hex "learn" "scd apdu 00 f1 00 00" /bye

The "learn" command is something equivalent to "gpg --card-status"
internally.

> Any other GPG commands fail as well, such as sign/encrypt/auth,
> until 'gpg --card-status' is run to wake the card back up.

I think you mean any direct commands of gpg-agent.  Or there is some
confusion.

Gpg frontend certainly works well for --sign, --decrypt after you
remove your token and insert it again.  Please try:

(1) Insert token
(2) Run "gpg --card-status"
(3) Remove token
(4) Run "gpg --sign" or "gpg --decrypt"

SSH authentication also works well after removal/insertion.

Note that it all works for me with Gnuk Token or OpenPGPcard with a
card reader.

> I would expect that when I perform a gpg command, it should query
> gpg-agent, which sees the stub of my key, then starts up/refreshes
> scdaemon/gpg-agent as needed, detects card, executes my action
> against the card.

Yes, it does.

> Is there no way for a running gpg-agent to check for smartcard
> presence on the fly?

You can use the "learn" command.  It fails if there's no smartcard/token.
-- 
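
The presence check described in the message above, as an added example that is not part of the original post or of GnuPG: it sends "learn" through gpg-connect-agent and decides from the Assuan OK/ERR reply lines whether a card answered before running a card operation. The function names and the GPG_CONNECT_AGENT override variable are hypothetical, and the sample replies are constructed, not captured from a real session.

```shell
#!/bin/sh
# Added example: gate a card operation on the agent's "learn" reply.
# Function names and GPG_CONNECT_AGENT are hypothetical, not GnuPG's own.

# Constructed sample replies (not captured from a real session).
SAMPLE_PRESENT='S SERIALNO 0000CONSTRUCTED0000 0
OK'
SAMPLE_ABSENT='ERR 100696144 No such device <SCD>'

# Read gpg-connect-agent output on stdin; print "OK" or "ERR" once per
# command, in order. Assuan ends each command's reply with a line whose
# first word is OK or ERR; status ("S") and data ("D") lines are skipped.
assuan_results() {
    awk '$1 == "OK" || $1 == "ERR" { printf "%s%s", sep, $1; sep = " " }
         END { print "" }'
}

# Succeed only if the first reply on stdin (the one for "learn") is OK.
# No reply at all (agent missing, empty output) counts as no card.
card_present() {
    set -- $(assuan_results)
    [ "${1:-ERR}" = "OK" ]
}

# Run "$@" only when "learn" finds a card; otherwise fail without running it.
with_card() {
    if ${GPG_CONNECT_AGENT:-gpg-connect-agent} "learn" /bye 2>/dev/null |
        card_present; then
        "$@"
    else
        echo "no smartcard/token answered \"learn\"" >&2
        return 1
    fi
}
```

For example, `with_card gpg --sign file.txt` runs the signing command only after "learn" has returned OK.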