Yubikey + GNUPG 2.1.14 + GPG Agent Forwarding + Mutt 1.6.0 (gpgme 1.6.0): Not asking for PIN for smartcard on first use of an encryption key

[Antony Prince]

On 7/20/2016 4:06 AM, Thomas Glanzmann wrote:
> Mutt does _not_ prompt me to enter the pin for the smartcard. I assume
> that code is missing in mutt to prompt for the key.

My assumption would be that the callback for the prompt is issued to the
local machine rather than passing back through SSH and Mutt doesn't know
what to do with it. I don't have any experience with SSH tunneling
though, so I can't say for sure. In that case, it shouldn't work since
the key can't obtain its passphrase.

...

> Something else I'm wandering about. When I do 'gpg -d test.gpg' on the
> remote machine, I was not prompted for a PIN when the key was not
> prepopulated, than I added 'pinentry-mode loopback' and it asked me on
> the remote machine. But when I do the same thing on my local machine I
> get a graphical prompt using pinentry. So my question is, if a remote
> gpg needs my pin, is possible that my local agent prompts me for the
> pin? If so, how do I configure that?

Like the previous case, there has to be a call for the pinentry. Even
though it is tunneled through SSH, the call on the remote machine routes
to the remote machine so you get a curses pinentry or some such. To get
it to perform a call to pinentry on your local machine would require the
call to be routed back through the tunnel.

Neither response is much help, I know, but just my thoughts on what the
issue is. Hopefully, one of the gurus on the list can help you through it.

-- 

Antony Prince

Key ID: 0xAF3D4087301B1B19
Fingerprint: 591F F17F 7A4A A8D0 F659  C482 AF3D 4087 301B 1B19
URL:
http://pool.sks-keyservers.net/pks/lookup?op=get&search=0xAF3D4087301B1B19

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160720/40e2b2e0/attachment-0001.sig>