- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
All Stories
May 18 2021
Possibly, it keeps running at calibrate_s2k_count, for some reason.
I was wrong.
Note: I believe this issue might affect multiple other GnuPG projects.
May 17 2021
In T5436#146148, @ikloecker wrote:It's not clear whether you are talking about PIN caching related to signing operations or decryption operations.
I fully agree. That was actually my itention - not sure why the coded ended up as it is.
Just got around to testing this on Linux, and I can confirm the same behavior: decryption PIN caching works on 2.2 and doesn't work on 2.3.
Due to tax issues, we can't accept a donation as return on service. However, we will fix bugs anyway if possible,
@znull You can also fix the detection issue by building with ./configure --disable-ccid-driver, in which case you won't need the disable-ccid setting anymore.
@ikloecker Sorry for not being clear, I was not aware different operations have different behaviors in regard to entering / caching the PIN.
It's not clear whether you are talking about PIN caching related to signing operations or decryption operations.
May 16 2021
May 15 2021
I just wanted to chime in that I've had exactly the same experience as @lbogdan: gnupg 2.3 stopped recognizing my yubikey entirely on MacOS until the T5415 workaround (disable-ccid). After that, pin caching was broken until I applied his patch to call-scd.c:548, which makes it work as before. Without these two changes the experience with gnupg 2.3 is degraded relative to 2.2.
May 14 2021
So I did a bit more reading on smartcard PIN caching, and took a better look at the debug logging of gnupg 2.2, and learned that, indeed, the PIN is cached by the card and not by any one gnupg component.
May 13 2021
I am testing with rGccfb5e0a7dc6: scd: Use SCardStatus for pcsc_get_status. on GNU/Linux.
May 12 2021
Yes, I already linked to T5415, but that breaks YubiKey completely, and I fixed it with disable-ccid.
The pincache is actually not what you think it is. It is only used to allow switching between different application on a Yubikey which reqieres a new VERIFY command after switching back to the first application the card. What you feel as caching is the state of the card, which usually keeps its verification state until the card is powered down.
Frankly, I am pretty sure that the new base64 encoding of the fingerprint leads to less diligent comparison of the fingerprint by the user. I don't understand why they did not used a truncated hex output or zBase32 .
May 11 2021
Thanks for using GPA. Unfortunately, I have to tell you that GPA development has been stopped and I can't say whether we will fix that bug any time soon. Please consider to switch to Kleopatra which is the standard key manager included in gpg4win.