card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN
Testing, NormalPublic

Description

This is a long standing bug (only occurs in the transition of changing by "forcesig", though).

To reproduce (assumption is it's "force" state for signing authentication):

$ gpg --clearsign -v some.txt && rm -f some.txt.asc
# Success here, card implementation resets its authentication state after signing,
# But GnuPG considers wrongly card auth state is still "authenticated"
$ gpg --card-edit
gpg/card> admin
gpg/card> forcesig             # this makes card "not forced"
gpg/card> quit
$ gpg --clearsign some.txt
# Here, the card actually require authentication, but GnuPG wrongly considers it's not needed, so...
signing failed: Bad PIN
# The card behavior is correct rejecting signing
gniibe created this task.Oct 15 2018, 3:56 AM
gniibe updated the task description. (Show Details)
gniibe updated the task description. (Show Details)Oct 15 2018, 3:59 AM
gniibe changed the task status from Open to Testing.Oct 15 2018, 4:24 AM
gniibe renamed this task from card: After "forcesig" command makes "not forced", signing fails by: Bad PIN to card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN.Oct 15 2018, 10:36 AM