Smart card support for signing and encryption

Issue #14 resolved
Name Withheld
created an issue

If a signing or encryption key is stored on a smart card (e.g. PGPCard or YubiKey NEO ), the response from gpg will be 'NEED_PASSPHRASE_PIN' rather than 'NEED_PASSPHRASE'.

The bug is: if you supply a passphrase, it will indeed be passed to gpg and the signature will be done (the signature counter on the card is increased for example) -- however, python-gnupg will signal an error.

Adding this as an additional valid response wherever 'NEED_PASSPHRASE' is accepted works for me and allows use of the smartcard keys. However, I am not familair enough with gpg or python-gnupg to tell what other changes might be needed. I would guess that the 'PIN' is like 'SYM' in how it needs to be handled.

If this list of codes I found is comprehensive, this is the only "PIN" related response

Comments (2)

  1. Log in to comment