Page MenuHome GnuPG
Create Task
Maniphest T671

card context shared between callers
Closed, WontfixPublic
Actions

Description

Release: 1.9.20

Environment

Linux/amd64

Description

when a message is being decrypted via the gpg -> gpg-agent -> scdaemon chain, the card context (including the fact that we are already authenticated to the card) is shared with other gpg processes started afterwards; breaking the assumption that you will be notified about every attempt to use the card.

While this is pretty neat as a workaround for the "being prompted for each use" problem when dealing with many encrypted messages, I doubt this was intended.

How To Repeat

Invoke "gpg --encrypt -r <key> | gpg --decrypt" in one shell, where <key> is a key that is stored on a smartcard. In another shell, decrypt a message that was encrypted to the same key, after giving the card PIN to the first instance.

Fix

Unknown

Event Timeline

richter added projects: gnupg, Bug Report.Jun 20 2006, 12:26 AM
werner added a subscriber: werner.Jun 21 2006, 9:38 PM

Given that gpg-agent is a per-user daemon, I believe this is a proper
assumption. As of now scdaemon gains exclusive access to the card and
thus no other scdaemon will be able to share the context. There is
one session per user and not a session per pty or whatever.

From: Simon Richter <Simon.Richter@hogyros.de>
To: bug-any@bugs.gnupg.org
Cc:
Subject: Re: gnupg/671
Date: Wed, 21 Jun 2006 20:26:58 +0200

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigDD4FF652D59E2B6969E8DBE3
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

> Given that gpg-agent is a per-user daemon, I believe this is a proper
> assumption. As of now scdaemon gains exclusive access to the card and
> thus no other scdaemon will be able to share the context. There is
> one session per user and not a session per pty or whatever.

Indeed, however multiple agent connections share the same context. As
the agent connection remains open while the gnupg process accessing the
agent is running, a single running gnupg process that takes long to
complete (I work with encrypted tar streams written to DVDs, for
example) will keep the context open; even if the agent forgets the PIN
after a few minutes of inactivity, newly started gnupg processes will
still be able to use the card without presenting a PIN.

Simon

--------------enigDD4FF652D59E2B6969E8DBE3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iQCVAwUBRJmPclYr4CN7gCINAQLYbwP7BAageRzDylG6OijaMTBmw3ZeLQFJc1I0
bJKmF2+6RXJ2ZAmK6KhHk3XwVgQIQUrOs1ORY4/vh218GfI+ePFgsUF6GBKxA134
GWfv+vWLg+KJ+NMYVTWOO3bGMiXtG+B+dSgiCa8Ip2O5PaEQEXqouX0jUyRGW6yU
Km5KzcfqzSI=
=5Zpb
-----END PGP SIGNATURE-----

--------------enigDD4FF652D59E2B6969E8DBE3--

werner added a comment.Jun 28 2006, 1:52 PM

I can see the problem. A solution for that will be to have gpg drop
the connection to the gpg-agent right when starting to decrypt the bulk data.
We need to see how this can be done in a clean way.

From: Simon Richter <Simon.Richter@hogyros.de>
To: bug-any@bugs.gnupg.org
Cc:
Subject: Re: gnupg/671
Date: Wed, 28 Jun 2006 14:58:45 +0200

Hi,

wk@gnupg.org schrieb:

> Synopsis: card context shared between callers

> I can see the problem. A solution for that will be to have gpg drop
> the connection to the gpg-agent right when starting to decrypt the bulk data.
> We need to see how this can be done in a clean way.

Wouldn't that still be a race condition (Albeit one that some users
explicitly ask for :-) )?

Simon
werner added a comment.Oct 2 2006, 8:07 PM

Needs to be fixed. Same problem also with gpgsm.

werner added a project: scd.Oct 2 2006, 8:07 PM
werner lowered the priority of this task from High to Normal.Oct 19 2006, 5:18 PM
werner set Due Date to Nov 30 2008, 1:00 AM.Sep 30 2008, 8:01 PM
werner changed Due Date from Nov 30 2008, 1:00 AM to Dec 30 2008, 1:00 AM.Dec 5 2008, 6:01 PM
werner changed Due Date from Dec 30 2008, 1:00 AM to Dec 31 2011, 1:00 AM.Jul 1 2011, 11:35 AM
werner changed Due Date from Dec 31 2011, 1:00 AM to Dec 31 2013, 1:00 AM.Apr 22 2013, 10:04 AM
werner removed Due Date.Sep 9 2015, 4:08 PM
marcus removed gnupg-hackers as the assignee of this task.Jul 17 2017, 6:26 PM
marcus added a subscriber: gnupg-hackers.
werner closed this task as Wontfix.Mar 28 2019, 5:49 PM
werner claimed this task.

I don't anymore think that it makes sense to fix it. Further there is no cache for PINs; that is entirely up to the card.