Page MenuHome GnuPG

card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN
Closed, ResolvedPublic


This is a long standing bug (only occurs in the transition of changing by "forcesig", though).

To reproduce (assumption is it's "force" state for signing authentication):

$ gpg --clearsign -v some.txt && rm -f some.txt.asc
# Success here, card implementation resets its authentication state after signing,
# But GnuPG considers wrongly card auth state is still "authenticated"
$ gpg --card-edit
gpg/card> admin
gpg/card> forcesig             # this makes card "not forced"
gpg/card> quit
$ gpg --clearsign some.txt
# Here, the card actually require authentication, but GnuPG wrongly considers it's not needed, so...
signing failed: Bad PIN
# The card behavior is correct rejecting signing