On Wed 2017-06-14 23:26:22 +0200, martin f krafft wrote:
> also sprach Teemu Likonen <tliko...@iki.fi> [2017-06-14 22:48 +0200]:
>> That's because the OpenPGP card (Yubikey) itself goes to authenticated
>> mode and doesn't require the PIN anymore.
>
> If that's the case — thanks for putting it so concisely — then why
> does killing gpg-agent mean having to enter a PIN the next time
> around?
I believe that killing gpg-agent kills scdaemon, which de-initializes the
smartcard on shutdown, which takes it out of authenticated mode.

I suppose that scdaemon could be taught to de-initialize the smartcard
after expiration of the ttl, though. Maybe gniibe (cc'ed) could comment
on whether that's feasible or not. It would be nice to have the
semantics of the cache ttl be the same, regardless of whether a key is
stored on a smartcard or not.

--dkg