Cache Timeout not working correctly

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Cache Timeout not working correctly

Alexander Paetzelt | Nitrokey
Hello,

I try to get the max-cache-ttl-ssh in the gpg-agent.conf working, but
the cache is still saved until physically disconnecting the gnupg smartcard.

I have a working ~/.gnupg/gpg-agent.conf with following content:

default-cache-ttl 1
max-cache-ttl 1
default-cache-ttl-ssh 1
max-cache-ttl-ssh 1
enable-ssh-support

I know that configuration file is loaded correctly as I can for example
change the used pinentry program with 'pinentry-program
/usr/bin/pinentry-qt' but the cache settings are still not used/changed.

Furthermore I tried to disable the card after some time over
~/.gnupg/scdaemon.conf as a workaround with 'card-timeout 5', but no
luck either.

Do you have any idea what could produce this symptons? Is there some
other service/program which is caching?

This is gpg (GnuPG) 2.1.22.

Kind regards
Alex


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cache Timeout not working correctly

Peter Lebbing
On 11/08/17 18:51, Alexander Paetzelt | Nitrokey wrote:
> I try to get the max-cache-ttl-ssh in the gpg-agent.conf working,
> but the cache is still saved until physically disconnecting the gnupg
> smartcard.

Unless this has been fixed already, this is probably because cache-ttl
has simply never worked for smartcards. They stay unlocked indefinitely.

> Furthermore I tried to disable the card after some time over
> ~/.gnupg/scdaemon.conf as a workaround with 'card-timeout 5', but no
> luck either.

I would have expected that to work, but have never used the option
myself. For GnuPG 2.1.18, the documentation comes with a caveat:

> Note  that with the current version of Scdaemon the card is powered
> down immediately at the next timer tick for any value of n other than
> 0.


> Is there some other service/program which is caching?

It's the card itself! It'll stay unlocked until told otherwise or
powered down.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (499 bytes) Download Attachment
Loading...