Smartcard power-down

NIIBE Yutaka gniibe at fsij.org
Thu Sep 10 03:13:13 CEST 2015


On 09/10/2015 05:57 AM, the2nd at otpme.org wrote:
> pointing out that a "gpgconf --reload scdaemon" should power down a
> connected smartcard and thus lead to re-asking for the PIN. I've tried
> this with a YubiKey NEO but it does not work. I've also tried sending
> SIGHUP to scdaemon as well as gpg-agent but I never get re-asked for
> the PIN when doing an ssh login. After restarting gpg-agent I always
> get asked for the PIN so it seems to work in general. Is there
> anything I can check?

I'm sorry, but "gpgconf --reload scdaemon" currently doesn't work in
GnuPG 2.0 because of a bug.

For the time being, please do:

   $ gpg-connect-agent "SCD KILLSCD" "SCD BYE" /bye

This stops scdaemon.


I've just committed the fix to the 2.0 branch.

    gpgconf: Fix scdaemon reload.

    * tools/gpgconf-comp.c (scdaemon_runtime_change): Add "scd bye".

    --

    In GnuPG 2.0.x, it doesn't require newer libassuan which has
    ASSUAN_FORCE_CLOSE feature.  We need to send "scd bye" to let
    the control finish from command loop.

diff --git a/tools/gpgconf-comp.c b/tools/gpgconf-comp.c
index 2454f93..69d160e 100644
--- a/tools/gpgconf-comp.c
+++ b/tools/gpgconf-comp.c
@@ -1064,7 +1064,7 @@ scdaemon_runtime_change (void)
 {
   gpg_error_t err;
   const char *pgmname;
-  const char *argv[6];
+  const char *argv[7];
   pid_t pid;

   /* We use "GETINFO app_running" to see whether the agent is already
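Review bot: The bound in `const char *argv[7];` is a hand-counted number that has to stay in step with the assignments ending in `argv[6] = NULL;`, and nothing in the function checks that it does. A later change that adds another command without bumping the size would write past the end of the array. Consider filling argv through a running index and asserting that it stays below the array size. Separately, the context comment at the end of this hunk names "GETINFO app_running" while the command actually sent is "GETINFO scd_running"; it would be worth correcting while this function is being touched.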
@@ -1077,8 +1077,9 @@ scdaemon_runtime_change (void)
   argv[1] = "GETINFO scd_running";
   argv[2] = "/if ${! $?}";
   argv[3] = "scd killscd";
-  argv[4] = "/end";
-  argv[5] = NULL;
+  argv[4] = "scd bye";
+  argv[5] = "/end";
+  argv[6] = NULL;

   err = gnupg_spawn_process_fd (pgmname, argv, -1, -1, -1, &pid);
   if (!err)
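Review bot: The new `argv[4] = "scd bye";` carries no comment saying why it has to follow "scd killscd", so the reason is recorded only in the commit message. A short comment at that line, stating that the 2.0 branch does not require a libassuan with ASSUAN_FORCE_CLOSE and that "scd bye" is what lets the control finish from the command loop, would keep someone from later removing it as redundant.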
-- 


