Yubico Forum https://forum.yubico.com/ |
[QUESTION] - gpg-agent on several platforms requires kill https://forum.yubico.com/viewtopic.php?f=26&t=2142 |
Author: | draeath [ Fri Jan 01, 2016 10:24 am ] |
Post subject: | [QUESTION] - gpg-agent on several platforms requires kill |
I've got a Yubikey 4 running firmware 4.2.7. It works fine, in that I've successfully got keys loaded and I've tested encryption/decryption/signing working on a machine different than the one I set it all up on. However, there is an odd problem and I feel I may have missed something silly. Note that this is happening on Windows and on OSX, but the commonality on both is I haven't ever used gpg-agent in the past.

So, on to the problem! gpg-agent runs scdaemon. This is normal. However, if I remove my yubikey and come back later, and reinsert it... it looks like scdaemon doesn't "see" the card correctly and I get weird results back - sometimes things act like the card is there, sometimes not. Additionally, an example of some oddness is the PIN length and PIN failure count fields reported back by gpg --card-status all show 0, instead of actual values. I'm suspecting some stuff is perhaps being cached by gpg/scdaemon?

To fix this, I have to kill the gpg-agent and scdaemon processes manually. When they are started again by a subsequent usage of gpg, it works again - and continues working until I pull the yubikey later on.

Do I need to do anything specifically to make it behave nicely if the key is going to be sporadically detached/reattached? Or am I destined to have to killall gpg-agent && killall scdaemon every time?

The only thing I don't really understand that I've done in the process of following various tutorials is to set "mode 86" on my key. Does 6 vs 86 have anything to do with these shenanigans? Much of the documentation that references this mode setting is either very old or flies over my head.

I did notice that when the agent is successfully pulling data from the card, if I were to start the NEO Manager, it can't view applet details. Presumably scdaemon is "locking" the card somehow - don't know if that's important/unusual.

Final note: on the Windows (8.1) box, I'm running the official GPG "Modern" 2.1.0 build. On the OSX (El Capitan) box, GPGTools v2015.09.

Of course I'm happy to provide any other detail/data that might be required. Cheers!
Author: | Tom2 [ Thu Jan 21, 2016 11:17 am ] |
Post subject: | Re: [QUESTION] - gpg-agent on several platforms requires kil |
There should be an scdaemon timeout option which may work... --card-timeout n
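Added example, not part of either post: a POSIX shell check for the symptom described in the question (the PIN length and PIN retry fields of gpg --card-status all reading 0) that restarts only scdaemon instead of killing both processes. The function names and the sample card-status text are constructed for illustration, and the script assumes gpg and gpg-connect-agent are on the PATH.

```shell
#!/bin/sh
# Constructed samples of `gpg --card-status` output (abridged).
SAMPLE_GOOD='Version ..........: 2.1
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3'
SAMPLE_STALE='Version ..........: 2.1
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0'

# Reads card-status text on stdin.
# Exit 0: both fields present and all zero (stale view of the card).
# Exit 1: fields present with real values (a blocked PIN alone is not stale).
# Exit 2: fields missing, so the input is not usable card-status output.
card_status_is_stale() {
    awk -F': *' '
        /^Max\. PIN lengths/ { len = $2; seen_len = 1 }
        /^PIN retry counter/ { cnt = $2; seen_cnt = 1 }
        END {
            if (!seen_len || !seen_cnt) exit 2
            gsub(/[ \t\r]/, "", len)
            gsub(/[ \t\r]/, "", cnt)
            exit ((len ~ /^0+$/ && cnt ~ /^0+$/) ? 0 : 1)
        }'
}

# Ask the running gpg-agent to stop its scdaemon child; the next gpg call
# that needs the card starts a fresh one. gpg-agent itself keeps running.
restart_scdaemon() {
    gpg-connect-agent "SCD KILLSCD" /bye >/dev/null 2>&1
}

# Run after reinserting the key: recover only when the stale pattern shows.
check_and_recover() {
    if gpg --card-status 2>/dev/null | card_status_is_stale; then
        restart_scdaemon && gpg --card-status
    fi
}
```

Call check_and_recover after plugging the key back in; on a healthy card it does nothing.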
All times are UTC + 1 hour