On 02/26/2011 09:40 PM, David Tomaschik wrote: > > I've recently received my smart card, but was wondering what the "best > practices" are, mainly from a physical standpoint. When I use it in > my laptop reader, it sticks about 2" out of the side, and I have some > concern about this (i.e., getting damaged by being pushed into > something, etc.). I am using the Authentication key on it for SSH, > and the normal signing & encryption operations, so I suppose I need it > when sending signed email and signing into a system. Do most people > leave it in the computer most of the time, or just insert it as > needed? This brings to mind: how many insertion cycles can these > cards handle? Looking online, various smart cards are rated anywhere > from 10,000 to 250,000 insertions. (At 10,000, as few as 10 > insertions per day would net a 3 year lifetime.) > > I hope this all makes sense... >
I usually just leave it in until I leave the computer for lunch or a meeting or whatever. One thing I didn't realize at first, is that once you've unlocked either your encryption or authentication key, it will remain unlocked as long as the card is powered up, regardless of any password cache settings you've set in your gpg configuration. If that bothers you, but you don't want to keep yanking and inserting the smartcard, you can kill the scdaemon process and it'll effectively 'unplug' your card. I'm pretty sure there's an easier command to do this too, but I can't remember it off-hand. But I personally just assume I'll notice the blinking activity light on my reader if some malware script or something weird tries to run gpg commands while the card is activated. -- -Grant "Look around! Can you construct some sort of rudimentary lathe?"
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
