Just a quick comment regarding GitHub: This mirror of the gpg repo hasn't been updated since many months. Please get the sources of gpg directly from the original source: git://git.gnupg.org/gnupg.git. See https://gnupg.org/download/git.html

And you may want to read the section "Sending patches" of https://dev.gnupg.org/source/gnupg/browse/master/doc/HACKING.

Thanks @ikloecker - I'll rebase to the original repo and send it to the email list.

When the device-side feature was proposed, I had suggested to extend the protocol so that host side can know device side requires user interaction and prompt a user. But... the result was "it can be done with device side only".

Alas, it was not correct (for all cases). I don't know how we can move on from here.

Is there any progress on this issue? The code looks reasonable but does not apply on top of 2.2.35 (I didn't try master yet) and I didn't find a submission to the mailing list. I would really appreciate this patch, as it is a significant speedbump in my workflow.

I put another change for T5099. This feature can be used for any keys, no matter if it's on Yubikey or not, no matter if token supports touch confirmation or not.

If it works for you, you can disable touch confirmation of Yubikey and use the feature (put a line "Confirm: yes" in your key under .gnupg/private-keys-v1.d) instead.

Besides, if lower layer solution is preferred, Yubikey can support having the special BWT value 0xff when bmCommandStatus = 2 (Time extension) is returned to host. The CCID driver recognizes this special value to prompt a user the dialog window.

This feature is implemented in different way, by T5099.

The patch of this ticket entirely change all behavior of keys on card.

With the change by T5099, it is controlled by the Confirm field in a key, thus, a user has more fine-grained control.

So, I put 'Testing' tag in this ticket.