Checking multiple smart cards before asking for one
Ingo Klöcker
kloecker at kde.org
Tue May 12 16:38:41 CEST 2020
On Tuesday, 12 May 2020 10:56:19 CEST Valentin Ochs wrote:
> Hi there,
>
> I have two smart cards, a regular card that I plug into the builtin reader
> of my laptop and a yubikey, that have two different keys on them. I store
> some passwords in a file that is encrypted with both keys.
>
> When I try to access the passwords, pinentry will always ask me to insert
> the yubikey first, even if the other card is already inserted.
>
> Is there a way to define the order this is checked per machine (the laptop
> will usually use the card reader, other machines the yubikey), or to force
> gpg to check for all cards before asking me to provide one? I'm up for
> trying to patch this myself, if somebody will point me in a rough direction

Maybe you should optimize for what appears to be your usual scenario (laptop +
card reader versus other machines + yubikey) and simply remove the yubikey key
from the laptop and the card reader key from the other machines.

If gpg only knows about one of the two keys, then it shouldn't ask for the
wrong key. If you ever want to use the yubikey on the laptop, then you can
simply (re-)import the yubikey key on the laptop.

The downside is that this will make synchronization of ~/.gnupg between your
laptop and the other machines more difficult. But then you really only need a
single key per machine for decrypting your passwords, i.e. you could use
dedicated GNUPG_HOMEs just for the encryption keys.

Regards,
Ingo