On Sat, 30 Oct 2021 15:50, Matthias Apitz said: > I just withdraw the USB dongle after the operation. I was thinking that > the gpg-agent.conf entry 'max-cache-ttl' will also expire the unlocked > state of the OpenPGP card, which it does not. How could I do this?
No, it does not because it is the decision of the card how long the
VERIFY command send to the card allows the use of the key. For most
cards and keys the keys are unlocked by VERIFY until the card is powered
down. The OpenPGP cards allow to limit the VERIFY command for the first
key to one signing operation ("forcesig" toggles this).
As a workaround use "gpgconf --reload scdaemon" to power down the card.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
