cruegge / pam-gnupg

Unlock GnuPG keys on login
GNU General Public License v3.0

Using pam-gnupg with an OpenPGP smart card #12

Closed lifecrisis closed 3 years ago

lifecrisis commented 4 years ago

One thing I'm quite interested in is getting this module to work with an OpenPGP smart card. I had thought that the process of forwarding passphrases from gpg-agent to scdaemon would be transparent, but this doesn't appear to be the case.

The issue is that, when the keys are stored on the smart card as opposed to on disk, presetting the passphrase in the agent doesn't seem to work for me.

I have posted on the gnupg-devel mailing list about this issue, so that everyone is aware. See this link for more detail about what I'm seeing.

OJFord commented 3 years ago

Ah. I seem to have the same issue. Did you find a fix/workaround for this @lifecrisis?

lifecrisis commented 3 years ago

On Mon, 2021-05-03 at 14:54 -0700, Oliver Ford wrote:

> Did you find a fix/workaround for this @lifecrisis?

Unfortunately, I have given up on this. :(

cruegge commented 3 years ago

I think I'll close this as out of scope. As far as I understand the reply from Werner Koch, the mechanism for unlocking smart cards is fundamentally different from the usual PRESET_PASSPHRASE, and the workaround involves messing around with the card to entirely (?) disable the PIN. Maybe I'll just add a note to the README saying that smart cards are simply not supported.