Yubikey + GNUPG 2.1.14 + GPG Agent Forwarding + Mutt 1.6.0 (gpgme 1.6.0): Not asking for PIN for smartcard on first use of an encryption key

Thomas Glanzmann thomas at glanzmann.de
Wed Jul 20 10:06:05 CEST 2016

I have yubikey 4 plugged into my Laptop, than I use ssh to forward my
gpg agent socket to a remote machine, On the remote machine I start mutt
and would like to read an encrypted email using the RSA encryption key
stored on my yubikey. It works if I use gpg2 to enter the pin by opening
an encrypted file using the same encryption key. Mutt does _not_ prompt
me to enter the pin for the smartcard. I assume that code is missing in
mutt to prompt for the key. Is there any documentation or another
possible simple example how to obtain that so that I can write a patch
for mutt?

My mutt config:

set crypt_use_gpgme=yes

The mutt error messages are:
Could not decrypt PGP message
Could not copy message

When I prepopulate using the remote machine:
PGP message successfully decrypted.

I guess it is not that big of a deal, because when I use any other RSA
on the card the PIN is already prepopulated unlocking all of my RSA keys
on the card, but I would like to know anyway. Also if somemone could
point me to a document how the interaction works, that would be nice.

Something else I'm wandering about. When I do 'gpg -d test.gpg' on the
remote machine, I was not prompted for a PIN when the key was not
prepopulated, than I added 'pinentry-mode loopback' and it asked me on
the remote machine. But when I do the same thing on my local machine I
get a graphical prompt using pinentry. So my question is, if a remote
gpg needs my pin, is possible that my local agent prompts me for the
pin? If so, how do I configure that?


More information about the Gnupg-users mailing list