Unlock smartcard PIN without decrypting a file

Unlock smartcard PIN without decrypting a file

jman

Howdy,

usually I unlock my Yubikey and enter its PIN when I need to decrypt a
file.

Sometimes I'd like to unlock the smartcard without really interacting
with the private key stored there.

Is there an SCD command that allows me to do this? I've read the GNUPG
manual but couldn't really find anything for this; my (perhaps limited)
understanding is that SCD commands do not require the PIN.

thanks for any suggestion!

regards,

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Unlock smartcard PIN without decrypting a file

GnuPG - User mailing list
On Tue, 29 Dec 2020 15:13, Journeyman said:

> that SCD commands do not require the PIN.

The PIN is passed to the card and processed by the card.  Thus the card
decides on whether an operation needs a PIN.  Usually the PIN is
required only once and valid until the card is powered down
(e.g. unplugged).  The OpenPGP card may require a PIN for each signing
operation - this behaviour can be controlled using the "forcesig" command
of gpg --card-edit.

To do the verification without any operation you can use "gpg
--card-edit" and then enter "verify".

If you want to see the commands sent to the scd run
gpg --debug ipc --card-edit


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Unlock smartcard PIN without decrypting a file

jman

> To do the verification without any operation you can use "gpg
> --card-edit" and then enter "verify".

> If you want to see the commands sent to the scd run
> gpg --debug ipc --card-edit

Thank you so much for the detailed answer! Based on your suggestion I
could debug that the "verify" command sends:

gpg/card> verify
gpg: DBG: chan_4 -> SCD CHECKPIN AAABBBCCCDDD
gpg: DBG: chan_4 <- INQUIRE PINENTRY_LAUNCHED 401855 tty 1.1.0 /dev/pts/0 xterm-kitty -
gpg: DBG: chan_4 -> END

therefore the one-liner I was looking for could look like this:

gpg-connect-agent 'SCD CHECKPIN AAABBBCCCDDD' /bye

("AAABBBCCCDDD" being the serial number of the smartcard)

regards,

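The one-liner from the last message, extended as an added example (not part of the original thread and not GnuPG's own code): it reads the card's serial number with "SCD SERIALNO" instead of hard-coding it, then checks the Assuan reply to "SCD CHECKPIN" for OK or ERR. The function names and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added example: unlock an OpenPGP card through scdaemon, no key operation.
# Function names are hypothetical. The PIN is requested by pinentry and
# never passes through this script.

# Print the serial from an Assuan "S SERIALNO <serial> ..." status line;
# fail if the response contains no such line (e.g. no card inserted).
parse_serialno() {
    awk '$1 == "S" && $2 == "SERIALNO" { print $3; found = 1; exit }
         END { exit !found }'
}

# Accept only a non-empty hex string, so nothing else can end up inside
# the Assuan command line built below.
is_hex_serial() {
    case $1 in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed only if the last non-empty response line starts with "OK".
# An "ERR ..." line (bad PIN, cancelled pinentry) makes this fail, so the
# caller does not depend on gpg-connect-agent's exit status.
assuan_ok() {
    awk 'NF { last = $1 } END { exit (last != "OK") }'
}

unlock_card() {
    serial=$(gpg-connect-agent 'SCD SERIALNO' /bye | parse_serialno) || {
        echo "no card reported by scdaemon" >&2; return 1; }
    is_hex_serial "$serial" || {
        echo "unexpected serial number: $serial" >&2; return 1; }
    if gpg-connect-agent "SCD CHECKPIN $serial" /bye | assuan_ok; then
        echo "PIN verified for card $serial"
    else
        echo "PIN verification failed for card $serial" >&2; return 1
    fi
}

# Run only when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then unlock_card; fi
```

Source the file and call unlock_card, or run it with --run; pinentry prompts for the PIN just as it does for "verify" in gpg --card-edit.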