-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, 2013-02-21 at 07:55 +0100, Yves-Alexis Perez wrote: > > My current use case is ssh (with enable-ssh-support of gpg-agent) where > I'd like to prevent the card to be used without my knowledge. force-sign > on the card itself provides it for signature, not for > decryption/authentication. > > card-timeout is supposed to do something like that, but it fails here > somehow.
I'm replying to myself more than 10 years after, in case someones stumbles upon this. When using PC/SC shared mode scdaemon won't cache the PIN and thus require it for each operation (ssh authentication), fixing the initial issue. To do that add to .scdaemon.conf disable-ccid # disable internal smartcard support to use PCSC pcsc-shared # use PCSC in shared mode Then gpgconf --kill scdaemon. It's not perfect, see #1113729 for drawbacks. Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmi19MsACgkQ3rYcyPpX RFulZggAvvMWc9vq9cVkcp6sLBQ6ynw51/vn8+jxsQAF30dag1k6N2cx1byGV1aT gB1lnNpjB7PkT7UzfrZc9ngyrmXxB6F92I51YH/Sr5lfvBUvCp7xmyROyIOR3fyl ZP7OKvCLRiAfUrbcIcqo7UO955tqk07FTx/bzEREbHfbCm31+3rkh026V5laEcw1 8uXl8W7BJCGp7nxSUXga2QNrRrA8E5RMAlfE/Vf8iBeDiFSEwVCZUVktJPCz6gHn EVF24PqwpU/vmjkjs8g/LGe4vv6KGLALHFf+77zWPKU9Wwq4G2GNMlu+8YtnC53T JA8oEHSZRcZjwHqdE2sTvoVHI02lpg== =YRK9 -----END PGP SIGNATURE-----
