tication or encryption key
is needed? Then, entering the PIN would be required also every time for
e.g. ssh authentication (if the force-sig flag is set on the card). This
would basically provide the same functionality as 'card-timeout 1'
(provided that it works) without the trouble of p
he 'Signature
PIN' setting doesn't have an effect (it works perfectly for signatures,
though). My main concern is that the probability that the hijacking of
the gpg-agent/ssh-agent is successful is much higher when the PIN is
cached for a long time than it would be with short cache-ti
er your box?
In any case, what I was suggesting can easily be done by a script that
regularly checks the gpg-agent log and resets the card if the last
access is older than default/max-cache-ttl. So it doesn't need to be
built into gpg-agent/scdaemon.
Marco
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
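The watchdog script suggested in the message above, as an added example (not part of the original post and not GnuPG code). It assumes gpg-agent writes a log whose lines start with a local-time timestamp and name the Assuan command for each card operation, and that `SCD RESET` sent through `gpg-connect-agent` clears the card's verified-PIN state; the sample log lines and function names are constructed for illustration.

```python
import re
import subprocess
import sys
import time
from datetime import datetime

# Assumptions: every log line starts with "YYYY-MM-DD HH:MM:SS" (local time)
# and card operations appear as lines naming one of these Assuan commands.
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ")
CARD_OP = re.compile(r"\b(PKSIGN|PKAUTH|PKDECRYPT)\b")

# Constructed sample lines, not taken from a real gpg-agent log.
SAMPLE_LOG = [
    "2013-05-02 10:00:00 gpg-agent[4242] DBG: chan_8 -> PKAUTH OPENPGP.3",
    "2013-05-02 10:05:30 gpg-agent[4242] DBG: chan_8 -> PKSIGN",
    "2013-05-02 10:06:00 gpg-agent[4242] DBG: chan_8 -> GETINFO version",
]


def last_card_access(lines):
    """Return the datetime of the most recent card operation, or None."""
    latest = None
    for line in lines:
        m = STAMP.match(line)
        if m and CARD_OP.search(line):
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            latest = ts if latest is None else max(latest, ts)
    return latest


def should_reset(last, now, ttl_seconds):
    """Idle longer than the TTL, or no usable record (fail closed)."""
    return last is None or (now - last).total_seconds() > ttl_seconds


def reset_card():
    """Assumption: SCD RESET makes the card forget the verified PIN."""
    subprocess.run(["gpg-connect-agent", "SCD RESET", "/bye"], check=True)


if __name__ == "__main__":
    log_path, ttl = sys.argv[1], int(sys.argv[2])  # e.g. agent.log 600
    handled = object()  # last access already answered with a reset
    while True:
        with open(log_path, errors="replace") as fh:
            last = last_card_access(fh)
        if last != handled and should_reset(last, datetime.now(), ttl):
            reset_card()
            handled = last
        time.sleep(30)
```

Pass the TTL in seconds so it matches the agent's default/max-cache-ttl; an empty or rotated log is treated as "unknown" and triggers one reset rather than leaving the PIN verified.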