Hey folks, I'm trying to figure out if

a) the gpg option --limit-card-insert-tries is currently functioning (I'm
   assuming it is)
b) setting --limit-card-insert-tries=1 does what I expect

My current setup is that I have my passwords stored using the pass tool from
passwordstore.org. Each password is encrypted as a separate file and the
encryption/decryption is handled by one of several of my encryption subkeys.
I've made multiple encryption subkeys from a master key after reading around
best practices and other tidbits from other GPG users. My subkeys are each
individually stored on a separate Yubikey from Yubico.com.

The encryption and decryption works great. For my multiple devices, I can have
different keys inserted and encrypt/decrypt just like I would if the same
master key was on each device. This is by using the `pass` tool initialized
with each subkey's 0xid with an ! added to the end.

The annoyance comes from the pinentry prompt I'm using with the gpg agent. When
needing to refresh the cache, the agent prompts me multiple times to insert my
other smart cards before it reaches the smart card that is currently plugged
into my device. This happens on both OSX and Fedora using version 2.2.15 of gpg
and gpg-agent.

I've read about the --limit-card-insert-tries option and that, if specified as
1, the prompt shouldn't appear to insert the card. To my understanding, it
should fail and move on to the next subkey silently. Am I reading the option
correctly?

If I am, I currently have `limit-card-insert-tries 1` within my gpg.conf
config, but it isn't having any impact. I can confirm that other settings
within my gpg.conf are being read and utilized.

I pulled down the latest copy of gpg from git://git.gnupg.org/gnupg.git and
tried to follow the path from when the --limit-card-insert-tries is provided,
but I'm getting lost with where the setting goes. I'm sure it's used somewhere,
but I seem to hit a dead end following the program's usage of the option.

Can anyone give me guidance as to what I'm doing wrong? Did I misunderstand the
usage of the option? Is there some alternative I could do instead?

I love the setup I have, but I'm fairly new to gpg and smart cards; so, not
sure if I've made some mistake along the way.

_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users