Clearing cached PIN for Yubikey

NIIBE Yutaka gniibe at
Thu Aug 6 07:10:55 CEST 2020

ಚಿರಾಗ್ ನಟರಾಜ್ wrote:
> I was attempting to figure out what the 'canonical' way of clearing a
> Yubikey's cached PIN is.

Clearing the authentication status is supported in scdaemon (in the
lower level), but there is no good way by command line.

If you don't care about using a kind of develper's tool
(gpg-connect-agent), you can do following.

For signing, type:

    $ gpg-connect-agent "SCD PASSWD --clear 1" /bye

For decryption/authentication, type:

    $ gpg-connect-agent "SCD PASSWD --clear 2" /bye

Perhaps, using a tool for users would be more relevant.  Then,

    $ gpgconf --kill scdaemon

could be used to clear all authentication status.

More information about the Gnupg-users mailing list