git commit signing: Asked for smartcard as it's plugged in

NIIBE Yutaka gniibe at fsij.org
Wed Mar 28 02:00:02 CEST 2018


Gabriel Augendre <gaugendre at gmail.com> wrote:
> Whenever I need to sign a git commit, I need to plug my Yubikey in and
> type the pin code. That works perfectly just after logging into my
> session, but if the computer goes to sleep (that's my guess, not sure
> about that) and I wake it up and try to sign another commit, GPGTools
> pinentry keeps asking to plug the yubikey in even though it's already
> there.

I think that this is related to the bug report:

    https://dev.gnupg.org/T3825

I found that there are (at least four) different issues; Device firmware
problem, GnuPG scdaemon problem, PC/SC problem for GNU/Linux, and Linux
kernel problem.

Since your case is on macOS, latter two are not relevant.

I think that Yubikey somehow doesn't work well for USB suspend.  For
this problem, please contact the manufacturer.

I fixed a problem of GnuPG scdaemon and implemented work around for
device problem.  It will be in 2.2.6.  With the fix and the work around,
scdaemon tries to reset device after such a failure.  So, you won't need
to manually re-plug your device, but PIN input will be required, since
the device will be reset.

For GNU/Linux, I'd recommend to use internal CCID driver, instead.  It
seems that PC/SC development doesn't have an interest for suspend/resume.

The kernel problem is here:

    https://www.spinics.net/lists/kernel/msg2757378.html

Since it is a kind of corner case which has been there long time, I
could not expect fix will be included soonish (or even getting
attention).  Thus, I changed scdaemon using pipe instead of signal (in
forthcoming 2.2.6).
-- 



More information about the Gnupg-users mailing list