Environment
Debian sid:
$ dpkg -l gnupg gnupg-agent
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Säubern/Halten
Status=Nicht/Installiert/Config/U=Entpackt/Fehlgeschl. Konf./Halb install. | |
/ Fehler?=(keiner)/Halten/R=Neuinst. notw/X=beides (Status, Fehler: GROß=schlecht) | |
/ Name Version Beschreibung | |
+++-==============-==============-============================================
ii gnupg 1.4.0-3 GNU privacy guard - a free PGP replacement
ii gnupg-agent 1.9.15-5 GNU privacy guard - password agent
Description
The gpg-agent does not cache smartcard PINs, but does cache on-disk-key-passphrases.
How To Repeat
The daemon works for my on-disk-key:
$ eval $(gpg-agent --daemon -s)
gpg-agent[11762]: listening on socket `/tmp/gpg-r4g9fT/S.gpg-agent'
$ echo bla|gpg --sign --armour -u 4743206C!
You need a passphrase to unlock the secret key for
user: "Joachim Breitner <mail@joachim-breitner.de>"
1024-bit DSA key, ID 4743206C, created 2002-08-27
gpg-agent[11763]: handler for fd 0 started
gpg-agent[11763]: DBG: agent_get_cache `314E3B2D605A6EB35A7D8119F628EB934743206C '...
gpg-agent[11763]: DBG: ... miss
gpg-agent[11763]: starting a new PIN Entry
gpg-agent[11763]: DBG: agent_put_cache `314E3B2D605A6EB35A7D8119F628EB934743206C ' requested ttl=0
gpg-agent[11763]: handler for fd 0 terminated
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.0 (GNU/Linux)
owGbwMvMwCT4TeP1ZHdnhRzG01xJDE6OdrVJOYlcHfbMrGAOTFaQSbacYQ5XVBNr
4e3S/rVrYjyKOCLdq216XzLMT3Q8+30z476ln35MuOS2JefuDbXIFAA=
=y737
-----END PGP MESSAGE-----
$ echo bla|gpg --sign --armour -u 4743206C!
You need a passphrase to unlock the secret key for
user: "Joachim Breitner <mail@joachim-breitner.de>"
1024-bit DSA key, ID 4743206C, created 2002-08-27
gpg-agent[11763]: handler for fd 0 started
gpg-agent[11763]: DBG: agent_get_cache `314E3B2D605A6EB35A7D8119F628EB934743206C '...
gpg-agent[11763]: DBG: ... hit
gpg-agent[11763]: handler for fd 0 terminated
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.0 (GNU/Linux)
owGbwMvMwCT4TeP1ZHdnhRzG01xJDE6OdvVJOYlcHfbMrGAOTFaQaa04w4KDxitU
fF4/8zRmZfmYulT13p0CuVaGBetd8v7Ii5h2ztk9XfLzgTULvkb8VwAA
=5CRL
-----END PGP MESSAGE-----
But not for the smartcard PIN:
$ echo bla|gpg --sign --armour -u 4743206C
gpg: detected reader `CardMan4000 00 00'
gpg: signatures created so far: 50
gpg: DBG: asking for PIN 'PIN [sigs done: 50]'
PIN [sigs done: 50]
gpg-agent[11763]: handler for fd 0 started
gpg-agent[11763]: starting a new PIN Entry
gpg-agent[11763]: handler for fd 0 terminated
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.0 (GNU/Linux)
owGbwMvMwMS4X7JO8puX+3TG01xJDE6OdsuTchK5OhmmMrOCeXBpps2fWBiWJwi/
ZLMys5ZdvVHu3Me+VdURcqUb5Mr2HzMSbpj9wnXn1MPTd+S+/XDhWe8B09xz+/89
E3r/OEdITe42U9N9p81uWbpTZBqeGHLz9ux43GoUcWFt6NyG67vdkwP/Ot45p3dd
7NiEx38KmBIXfd8YUWtmqmedWiCsccX2Y4Gnk9Dk7Vsb1G4AAA==
=BaUt
-----END PGP MESSAGE-----
$ echo bla|gpg --sign --armour -u 4743206C
gpg: detected reader `CardMan4000 00 00'
gpg: signatures created so far: 51
gpg: DBG: asking for PIN 'PIN [sigs done: 51]'
PIN [sigs done: 51]
gpg-agent[11763]: handler for fd 0 started
gpg-agent[11763]: starting a new PIN Entry
gpg-agent[11763]: handler for fd 0 terminated
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.0 (GNU/Linux)
owGbwMvMwMS4X7JO8puX+3TG01xJDE6OdhuSchK5OhmmMrOCeXBppq5zzP/9Zy6N
u7bhvVjmutjZzlNVMoMUbpwPaU1WiQuafG/9hBefjWNctzG33nt+7Moc6ac39jw0
nzVDuK/h4qLawiivipJeHe82/karVXGbxUovnuCcVu66mMVtd3BYX/y8BJVmh9al
pXp5DItvB1upGZ9XyuyTP/tYuY5vynaVOGGh1ddWnPu64w0A
=w/s6
-----END PGP MESSAGE-----
$ gpg --card-status
gives
Signature PIN ....: not forced
Fix
Unknown
Release Note
Fix is in the current CVS (HEAD) and will go into 1.4.2.