Yubico Forum
https://forum.yubico.com/

Yubikey 4 Smartcard PIN timeout
https://forum.yubico.com/viewtopic.php?f=35&t=2281
Page 1 of 1

Author:  Dopey [ Tue Apr 12, 2016 10:32 am ]
Post subject:  Yubikey 4 Smartcard PIN timeout

I'm using my yubikey 4 as a smartcard (with GnuPG) on Linux and Windows. Everything works fine.

Once I insert the yubikey, the first time I encrypt I have to enter the pin. After that, it doesn't ask the pin again for another operation.

Is it possible to time out the pin code or request the user to re-insert the yubikey to confirm the operation ?

Author:  ChrisHalos [ Wed Apr 13, 2016 4:22 pm ]
Post subject:  Re: Yubikey 4 Smartcard PIN timeout

Removing the YubiKey 4 after you use it and re-inserting it when you need it should require you to re-enter the PIN. An alternative solution would be to add the touch functionality to the keys (https://developers.yubico.com/PGP/Card_edit.html) - refer to the section "YubiKey 4 touch." If you're using it for signing, you can set forcesig to always require the PIN.

There are cache-timeout and card-timeout options (for gpg-agent and scdaemon, respectively), but they are pretty hit-and-miss on functionality.

Author:  belette [ Tue May 02, 2017 11:01 pm ]
Post subject:  Re: Yubikey 4 Smartcard PIN timeout

I got the exact same "issue". I activated the touch functionality for decryption which is nice!
but still the key is cached for my entire session and default-cache-ttl / max-cache-ttl for gpg-agent or card-timeout from scdaemon don't do anything for me...

Any idea on how we could reduce it?
many thanks

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/