yubikey/gpg-agent always asking for my PIN when running git commit

1

Recently, git has been asking me for my YubiKey PIN every 3 or 4 times after I've already typed in my PIN. This didn't use to happen before. I'm thinking maybe the card isn't getting read correctly or is getting disconnected somehow. It's become pretty annoying.

~/.gnupg/gpg-agent.conf:

enable-ssh-support
default-cache-ttl 43200
max-cache-ttl 86400
default-cache-ttl-ssh 43200
max-cache-ttl-ssh 86400
pinentry-program /usr/local/bin/pinentry-tty

~/.gitconfig:

[user]
    signingkey = xxxxxxxxxx
[core]
    excludesfile = ~/.gitignore
[commit]
    gpgsign = true

reuel

Posted 2019-09-05T14:51:49.703

Reputation: 11

Answers

1

You likely have the "force signature" flag set on the card. Try gpg --card-status:

$ gpg --card-status
# snip
Signature PIN ....: forced

If you see Signature PIN ....: forced, that's your problem. You can change this setting with gpg --card-edit:

$ gpg --card-edit
> admin
> forcesig
# enter your admin PIN

Afterwards, --card-status should show Signature PIN ....: not forced, and you'll only be asked for your user PIN once per insertion of the YubiKey.

ravron

Posted 2019-09-05T14:51:49.703

Reputation: 111
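
A small check for the flag described in the answer above, as an added example that is not part of the original answer: it parses gpg --card-status text and reports whether the card requires the user PIN for every signature. The function names, the script name and the sample text are constructed for illustration; gpg is run with LC_ALL=C so the "Signature PIN" label is not localized.

```shell
#!/bin/sh
# Added example: report the "Signature PIN" policy from `gpg --card-status` text.
# Function names and the sample text below are constructed for illustration.

# Read card-status text on stdin; print "forced", "not forced" or "unknown".
sigpin_state() {
    awk -F': *' '
        # Anchor on the label so "PIN retry counter" etc. cannot match.
        /^Signature PIN/ {
            v = $2
            sub(/[ \t\r]+$/, "", v)
            if (v == "forced" || v == "not forced") { print v; found = 1; exit }
        }
        END { if (!found) print "unknown" }
    '
}

# Exit 0: PIN verified once per card session; 1: PIN on every signature;
# 2: line missing (no card, localized output, or unexpected format).
explain_sigpin() {
    case "$(sigpin_state)" in
        forced)
            echo "forced: the card asks for the user PIN on every signature"
            return 1 ;;
        "not forced")
            echo "not forced: the user PIN is asked once per card insertion"
            return 0 ;;
        *)
            echo "unknown: no 'Signature PIN' line found" >&2
            return 2 ;;
    esac
}

# Constructed samples in the layout gpg prints (values are made up).
SAMPLE_FORCED='Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature PIN ....: forced
Signature counter : 42'
SAMPLE_NOT_FORCED='PIN retry counter : 3 0 3
Signature PIN ....: not forced'

# Query the inserted card only when asked to: ./check-sigpin.sh --live
if [ "${1:-}" = "--live" ]; then
    LC_ALL=C gpg --card-status | explain_sigpin
fi
```

Exit status 2 covers the case where gpg cannot see the card at all, which is worth ruling out before changing the forcesig setting.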