On Thu, 2 May 2024 15:31, Matthias Apitz said:

> which locks the card again. Any ideas?

If you really want to reset the card after an operation _and_ you are using pcscd you can use

  gpg-connect-agent 'scd disconnect' /bye

But killing scdaemon is probably the easier and more reliable way:

  gpgconf -K scdaemon

does this by sending the kill command

  gpg-connect-agent 'scd killscd' /bye

Some card applications require a VERIFY command (i.e. asking for the PIN) for each operation. An OpenPGP card does this only for the signing key and only if that feature has been enabled (force command of --card-edit). Remember that there is no PIN cache[1] but the card application takes the decision when and how often a PIN is required after power up (of the card).

If you only want to be asked whether the ssh-key shall be used, you can put a line

  Confirm: yes

into the private-keys-v1.d/<keygrip>.key file of the AUTH (shadow-)key:

  *** Confirm

  If given and the value is "yes", a user will be asked confirmation by a dialog window when the key is about to be used for PKSIGN/PKAUTH/PKDECRYPT operation. If the value is "restricted", it is only asked for the access through extra/browser socket.

Shalom-Salam,

   Werner

[1] Actually there is a PIN cache to allow a Yubikey to switch between the OpenPGP and PIV applications back and forth without requiring a PIN after each switch. A sample use-case is sending PGP signed mails and also using a browser or IMAP server with user certificate based authentication.

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
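
The key-file edit described in the reply above, as an added example that is not part of the original mail and not GnuPG's own tooling: a shell function that sets the Confirm item in a private-keys-v1.d/<keygrip>.key file without duplicating it on repeated runs. The function name set_confirm is hypothetical, and the script assumes the key file is in the extended "Name: value" format (S-expression stored under "Key:", item names matched case-insensitively).

```shell
#!/bin/sh
# Added example, not GnuPG code: idempotently set the "Confirm:" item in a
# gpg-agent key file (private-keys-v1.d/<keygrip>.key).
# Assumption: the file uses the extended "Name: value" format, where the
# S-expression sits under "Key:" and item names compare case-insensitively.
# set_confirm is a hypothetical helper name.

# usage: set_confirm FILE [yes|restricted]
set_confirm() {
    keyfile=$1
    value=${2:-yes}

    # Only the two values quoted in the mail are accepted.
    case $value in
        yes|restricted) ;;
        *) echo "unsupported Confirm value: $value" >&2; return 2 ;;
    esac
    [ -f "$keyfile" ] || { echo "no such file: $keyfile" >&2; return 1; }

    # A file without a "Key:" item is not in the extended format;
    # appending a line would corrupt it, so refuse and leave it untouched.
    if ! grep -q '^Key:' "$keyfile"; then
        echo "not an extended-format key file: $keyfile" >&2
        return 2
    fi

    # Write to a private temp file in the same directory so the final
    # mv is a rename and the key file is never left half-written.
    tmp=$(mktemp "$keyfile.XXXXXX") || return 1
    awk -v v="$value" '
        tolower($0) ~ /^confirm:/ { next }   # drop any earlier setting
        { print }
        END { print "Confirm: " v }
    ' "$keyfile" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$keyfile"
}
```

The keygrip of the AUTH key is shown by `gpg --list-keys --with-keygrip`, and the directory holding private-keys-v1.d by `gpgconf --list-dirs homedir`.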