[Gpg4win-users-en] gpg-agent or scdaemon timeout not working

Mwyann mwyann at gmail.com
Wed Oct 14 12:26:10 CEST 2015


Hello,

I'm using a GPG smartcard with a Gemalto reader. I'm using it to sign
things and authenticate to my SSH servers. It's working quite well, but
there's something that doesn't work as expected.

When I try to configure the gpg-agent timeouts (both personal codes and SSH
keys), or even the scdaemon idle function, it just never forgets my code,
and it never asks me for my smartcard's code again. I personally think it's
a security issue, because anyone using my computer can have access to my
personal data and servers without my knowledge and without my consent.

When I kill the gpg-agent.exe process and I run Kleopatra again to respawn
it, it asks for my code again, so I think it's a gpg-agent issue. But it's
not very practical to do it like this :) I'd rather use the timeout
function and let it forget my code automatically after a while.

The file AppData\Roaming\gnupg\gpg-agent.conf is correctly created and
reflects the changes, but the options are just ignored. None of the
following options are taken into account; I have to either kill
gpg-agent.exe or unplug/replug my smartcard for it to forget my code:

no-allow-external-cache
default-cache-ttl 120
ignore-cache-for-signing
default-cache-ttl-ssh 120
max-cache-ttl-ssh 300
max-cache-ttl 300

The "enable-putty-support" option is recognized and useful though, so the
file is correctly read too.

What can I do?

Yann