Cache Timeout not working correctly

Peter Lebbing peter at digitalbrains.com
Sun Aug 13 18:08:44 CEST 2017


On 11/08/17 18:51, Alexander Paetzelt | Nitrokey wrote:
> I try to get the max-cache-ttl-ssh in the gpg-agent.conf working,
> but the cache is still saved until physically disconnecting the gnupg
> smartcard.

Unless this has been fixed already, this is probably because cache-ttl
has simply never worked for smartcards. They stay unlocked indefinitely.

> Furthermore I tried to disable the card after some time over 
> ~/.gnupg/scdaemon.conf as a workaround with 'card-timeout 5', but no 
> luck either.

I would have expected that to work, but have never used the option
myself. For GnuPG 2.1.18, the documentation comes with a caveat:

> Note  that with the current version of Scdaemon the card is powered
> down immediately at the next timer tick for any value of n other than
> 0.


> Is there some other service/program which is caching?

It's the card itself! It'll stay unlocked until told otherwise or
powered down.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170813/abe83fd2/attachment-0001.sig>


More information about the Gnupg-users mailing list