Non-interactive PIN not accepted, gpg hangs

Laurent Blume laurent at elanor.org
Wed Sep 30 11:20:27 CEST 2015


On 2015/09/30 01:39 +0200, Niibe Yutaka wrote:
> As far as I know, you can't provide a PIN by command line.
> 
> You can provide passphrase from file for symmetric encryption, though.
> 
> Instead, you can unlock your smartcard beforehand, interactively.

I really, really need it to be non-interactive. There's going to be a
bunch of critical processes depending on it; the point is replacing
passphrases stored in clear in scripts alongside keyrings. I thought PIN
(and the user PIN / admin PIN separation) would allow doing just that
more securely, so it's rather disappointing.
That it gets stuck and leaves zombies behind instead of gracefully
failing is not encouraging either.

> $ gpg-connect-agent "SCD CHECKPIN D276000124010200F517000000010000" /bye
>                                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> Please change this to your Application ID.  gpg --card-status shows it.
> 
> BTW, I got a report that RSA-4096 decryption doesn't work well on
> Nitrokey Pro.  If you are using RSA-4096 decryption on Nitrokey Pro
> successfully, please let us know.

Good to know. I'm not planning to use beyond 2048 for now, but I'll keep
it in mind in case requirements change.

Thanks for your reply,

Laurent
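
Added example, not part of the original thread: a shell helper that reads the Application ID out of `gpg --card-status` text and builds the interactive unlock command quoted above. The function names and the sample status text are constructed for illustration; the field split assumes the OpenPGP card AID layout (prefix D27600012401, then version, manufacturer and serial number).

```shell
#!/bin/sh
# Constructed sample of card-status text; the AID is the one quoted in the thread.
SAMPLE_STATUS='Reader ...........: constructed sample reader
Application ID ...: D276000124010200F517000000010000
Version ..........: 2.0'

# Print the Application ID found in card-status text on stdin.
# Fails (non-zero) when the line is missing or the value is malformed.
extract_aid() {
    aid=$(sed -n 's/^Application ID[ .]*: *\([0-9A-Fa-f]*\) *$/\1/p' \
          | head -n 1 | tr 'a-f' 'A-F')
    # An OpenPGP card AID is 16 bytes (32 hex digits) starting with D27600012401.
    case "$aid" in
        D27600012401*) ;;
        *) return 1 ;;
    esac
    [ "${#aid}" -eq 32 ] || return 1
    printf '%s\n' "$aid"
}

# Split a validated AID into the fields that follow the fixed prefix.
aid_fields() {
    printf 'version=%s manufacturer=%s serial=%s\n' \
        "$(printf '%s' "$1" | cut -c13-16)" \
        "$(printf '%s' "$1" | cut -c17-20)" \
        "$(printf '%s' "$1" | cut -c21-28)"
}

# Read card-status text on stdin and print the CHECKPIN invocation for that card.
checkpin_command() {
    aid=$(extract_aid) || { echo "no usable Application ID in input" >&2; return 1; }
    printf 'gpg-connect-agent "SCD CHECKPIN %s" /bye\n' "$aid"
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_STATUS" | checkpin_command
aid_fields D276000124010200F517000000010000
```

On a real system, pipe `gpg --card-status` into `checkpin_command` instead of the sample text.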


 


