El día martes, noviembre 02, 2021 a las 06:34:16p. m. +0100, Werner Koch via Gnupg-users escribió:
> On Sat, 30 Oct 2021 15:50, Matthias Apitz said: > > > I just withdraw the USB dongle after the operation. I was thinking that > > the gpg-agent.conf entry 'max-cache-ttl' will also expire the unlocked > > state of the OpenPGP card, which it does not. How could I do this? > > No, it does not because it is the decision of the card how long the > VERIFY command send to the card allows the use of the key. For most > cards and keys the keys are unlocked by VERIFY until the card is powered > down. The OpenPGP cards allow to limit the VERIFY command for the first > key to one signing operation ("forcesig" toggles this). > > As a workaround use "gpgconf --reload scdaemon" to power down the card. > Thanks. As I will use the card in the phone mostly (only) with the pass command, i've added this to the script to get the card locked after any usage with pass: purism@pureos:~$ tail -8 /usr/bin/pass # power down the OpenPGP card # g...@unixarea.de # gpgconf --reload scdaemon sleep 2 exit 0 I have now my ~330 passwords always with me, encrypted with an OpenPGP card, and available without any laptop or USB dongel, just in my phone -- a big progress. Thanks to Purism to bring this with the L5 to the Linux world! matthias -- Matthias Apitz, ✉ g...@unixarea.de, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub August 13, 1961: Better a wall than a war. And, while the GDR was still existing, no German troups and bombs have been killed in Yugoslavia, Afghanistan, Afrika... _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users