Is limit-card-insert-tries a working option?

Ángel angel at pgp.16bits.net
Sun Jun 2 23:46:57 CEST 2019


I would say, why are you encrypting to the three subkeys?


In your original mail this stood up:
> The annoyance comes from the pinentry prompt I'm using with the gpg
> agent. When needing to refresh the cache, the agent prompts me
> multiple times to insert my other smart cards before it reaches the
> smart card that is currently plugged into my device. This happens on
> both OSX and Fedora using version 2.2.15 of gpg and gpg-agent.

as it should be asking just for the needed key.


However, since for encryption you are using:
>   gpg2 -e -r keyid1! -r keyid2! -r keyid3! -o content.gpg --quiet --yes --compress-algo=none --no-encrypt-to --batch --use-agent /path/to/content.txt

and you do have those three keys, it is asking for all of them.

So I would recommend you to use just one of them.

Or, if you really want to encrypt to the three subkeys (for backup?),
not to use the three of them on the same computer. So that you would
only have imported one of the secret keys (imported as in known by the
secret keyring that it it there on a smartcard)

Having three sets of subkeys on your key is weird
> --------------------------------------
> sec   rsa4096/0x6CA6A08DBA640677 2019-03-01 [SC]
>       2C8160E6AF1166154CDAED266CA6A08DBA640677
> uid                   [ultimate] Chip Senkbeil (My mail & pass key) <chip at senkbeil.org>
> ssb>  rsa4096/0x588B4B090695884C 2019-03-01 [E]
> ssb>  rsa4096/0x8A6B3DB2C23EB74B 2019-05-08 [E]
> ssb>  rsa4096/0x95B67753BA414327 2019-05-08 [E]
> ssb>  rsa4096/0x231C4CB425985243 2019-05-28 [S] [expires: 2024-05-26]
> ssb>  rsa4096/0x1F3D585E398D11B1 2019-05-28 [S] [expires: 2024-05-26]
> ssb>  rsa4096/0x5487424ABA6BDDDB 2019-05-28 [S] [expires: 2024-05-26]
> ssb>  rsa4096/0x68F5987A509841B2 2019-05-28 [A] [expires: 2024-05-26]
> ssb>  rsa4096/0x70B8AA34DA9D2413 2019-05-28 [A] [expires: 2024-05-26]
> ssb>  rsa4096/0xDD69ABE5B8BCF75C 2019-05-28 [A] [expires: 2024-05-26]
> --------------------------------------

and it is likely to confusing when people write you (per Murphy's law
they will probably use for encryption the one you don't have with you).

You know you could have the same subkeys on three different yubikeys, do
you?


Kind regards





More information about the Gnupg-users mailing list