On Mon, 17 Jan 2011 22:03, k...@grant-olson.net said:

> 1) Once I enter my pin, the card is unlocked as long as it's connected.

It depends on the card application.  For the OpenPGP card it is true for
key 2 and 3.  For key 1 see below.  A reset operation locks the keys
again. (Try: gpg-connect-agent 'scd reset' /bye)

> 2) I get prompted when making a signature because the sig counter gets
> incremented, and that's a write operation to the card.  Decrypting and

No, that is because the forcesig flag is set; this requires a verify
command before a crypto command with key 1.  "gpg --edit-key", then
"admin" and then "forcesig" toggles this flag.

> 3) The proper way to 'lock' the card is to remove it from the reader.

Yeah, powering it down is a pretty reliable way to lock all keys.
Recall that the card is a regular computer - a bit small by today's
desktop standards, but still a fully working CPU with RAM, ROM and I/O.
Removing it from the reader is like pulling out the mains plug.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
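
A scripted check of the forcesig flag discussed in the message above, as an added example that is not part of the original e-mail. It assumes the `forcepin` record printed by `gpg --card-status --with-colons`; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether an OpenPGP card demands a PIN verify
# before every signature (the forcesig flag), and lock the card from a script.

# Read `gpg --card-status --with-colons` output on stdin and print
# "forced", "not forced", or "unknown" when no forcepin record is present.
forcesig_state() {
    awk -F: '
        $1 == "forcepin" { state = ($2 == "1") ? "forced" : "not forced" }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Policy check for provisioning or audit scripts: succeeds only when the
# card on stdin has forcesig set. A missing record counts as a failure.
require_forcesig() {
    [ "$(forcesig_state)" = "forced" ]
}

# Lock all keys without unplugging the card, using the reset command
# quoted in the message. Needs a running gpg-agent/scdaemon and a card.
lock_card() {
    gpg-connect-agent 'scd reset' /bye
}

# Constructed sample records (not captured from a real card).
SAMPLE_FORCED='forcepin:1:::
sigcount:5:::'
SAMPLE_NOT_FORCED='forcepin:0:::
sigcount:5:::'

# Live use, with a card inserted:
#   gpg --card-status --with-colons | forcesig_state
#   gpg --card-status --with-colons | require_forcesig || echo "forcesig is off"
#   lock_card
```
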