Yubikey (PGP + PIV) --pcsc-shared: PIN requires every time
Open, NormalPublic
Actions

Assigned To

Authored By

	• gniibe
	Mar 13 2024, 7:58 AM

Description

When the --pcsc-shared option is enabled for Yubikey access, PIN is always asked (not cached).

Related Objects

Mentioned In: T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations

Event Timeline

https://dev.gnupg.org/source/gnupg/browse/master/scd/app-openpgp.c$2630

This rejection could be relaxed.

But only if you can figure out in a transaction or locked sytate whether the card needs a verify. Otherwise we have a race between changing the PIN and verifying a PIN.

What I mean is that we can replace our own PIN state caching state by querying the card whether the PIN is needed.

• werner triaged this task as Normal priority.Tue, Apr 9, 1:42 PM

• werner added projects: gnupg24, yubikey.

• gniibe mentioned this in T5436: gpg-agent 2.3.1: PIN caching not working for decrypt operations.Tue, Apr 16, 7:16 AM

mdawar added a subscriber: mdawar.Tue, Apr 16, 7:59 AM

Yubikey (PGP + PIV) --pcsc-shared: PIN requires every timeOpen, NormalPublicActions

Description

Related Objects

Event Timeline

Yubikey (PGP + PIV) --pcsc-shared: PIN requires every time
Open, NormalPublic
Actions