Smartcard not seen when reinserted

Franck Routier alci at mecadu.org
Wed Oct 4 10:13:18 CEST 2017 

Le 02/10/2017 à 16:37, Matthias Apitz a écrit :
> El día lunes, octubre 02, 2017 a las 01:35:16p. m. +0200, Franck Routier escribió:
>
>> My problem, in addition to the pin being cached "forever" (as long as
>> the card is inserted, with no time limit), is that when I remove and
>> reinsert the card, it is not recognized unless I restart gpg-agent.
>>
>> So here is what happens:
>>
>> card inserted
>> pam_poldi.so called (sudo)   --> PIN requested
>> pam_poldi.so called (sudo)   --> no PIN requested 
>> pam_poldi.so called (sudo)   --> no PIN requested
>> card removed (I don't like to let my card inserted, with no PIN
>> validation needed !)
>> card inserted                        --> card not seen (card error,
>> OpenPGP card unavailable)
>> gpgconf --kill gpg-agent       --> card seen
>> pam_poldi.so called (sudo)   --> PIN requested
>> pam_poldi.so called (sudo)   --> no PIN requested 
>> etc...
>>
>> Hence my questions:
>> 1) can I force PIN for authentication each time I use it (it seems that
>> the forcesig option is for signature only, not for authentication)
>> 2) what can I do to have my card recognized on reinsert, without
>> ressorting to killing gpg-agent
>>     --> probably with some scd-event magic that's beyond my know-how for
>> now...
> I'm using the attach 'scd-event' script to lock my display on card
> removal and to unlock it on card-insert. The real work in the script is
> at line 107++
>
> Maybe it can serve you a bit.
>
> 	matthias
Thanks Matthias for the input. I couldn't make the 'remove card' event
trigger anything... (with NOCARD status).
After browsing the internet a bit more, I finally tried to install pcscd
and tell scdaemon not to use its internal CCID implementation, and this
worked...
It also solves my other problem (IPN code being cached "forever"), as I
suppose pcscd reinitializes the card state after so time.

So this is solved for, by using pcscd.

Thanks again,
Franck

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20171004/6a70feb2/attachment.sig>

More information about the Gnupg-users mailing list