recolic / gnome-keyring-yubikey-unlock

This is a read-only mirror for https://git.recolic.net/root/gnome-keyring-yubikey-unlock
GNU General Public License v3.0
77 stars, 5 forks

Automatic pinentry #7

Closed. oktupol closed this 2 years ago.

oktupol commented 2 years ago

This change allows users to log in without having to enter their GPG smartcard pin.

Currently, when logging in, in order to decrypt the secret file, you have to unlock the private key on the Yubikey with a six-digit pin. GnuPG doesn't allow empty pins, and usually, at this point, the gpg-agent has only just started and hasn't stored any passphrases yet.

This change allows users to log in without having to enter their pin again. I am aware that this weakens the security of the private key significantly, which is why I made that optional. You still need physical access to the Yubikey nevertheless, and if you don't use the PGP key for anything other than unlocking the gnome keychain, I believe that this risk is acceptable.

I made this change under the assumption that there is no way of allowing gpg-agent to store passphrases across sessions. At least I wasn't able to find any in the ten minutes of searching I did. If there is one, please let me know.

oktupol commented 2 years ago

Good catch! I modified it to take care of spaces.

recolic commented 2 years ago

Hi. I think "${gpg_options[@]}" should be enough.

oktupol commented 2 years ago

I'm not sure what you mean... That's what I did 😄

recolic commented 2 years ago

> I'm not sure what you mean... That's what I did 😄

No, you have an extra $... check it carefully plz.
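To make the quoting point of this review concrete, here is an added bash example (not code from this PR or from the gnome-keyring-yubikey-unlock script). It uses a stand-in for `gpg` that only reports the arguments it received, and a constructed option array whose path contains a space, so the three expansions discussed above can be compared side by side. The `"$${gpg_options[@]}"` form is my assumption of what "an extra $" looks like; the PR itself does not show the line.

```shell
#!/usr/bin/env bash
# Added example, not from the PR: how an options array reaches a command
# depending on how it is expanded. Requires bash (arrays).

# Stand-in for gpg: prints each received argument in brackets, nothing else.
fake_gpg() {
    printf '[%s]' "$@"
}

# Same stand-in, but only reports how many arguments arrived.
count_args() {
    printf '%s' "$#"
}

# Constructed options; the --homedir path deliberately contains a space.
gpg_options=(--batch --quiet --homedir "/tmp/gnupg home")

# Correct: "${gpg_options[@]}" turns every array element into exactly one
# argument, so the path with a space stays intact.
run_quoted() {
    fake_gpg "${gpg_options[@]}"
}

# Wrong: without the double quotes, word splitting breaks the path at the
# space and gpg would see two bogus arguments instead of one path.
run_unquoted() {
    # shellcheck disable=SC2068
    fake_gpg ${gpg_options[@]}
}

# Wrong in a different way: an extra "$" makes the shell read "$$" as the
# current PID, followed by the literal text {gpg_options[@]}. The command
# gets a single meaningless argument and none of the intended options.
count_extra_dollar() {
    # shellcheck disable=SC2016
    count_args "$${gpg_options[@]}"
}

# Demonstration when run directly (the functions above are what a test checks).
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    printf 'quoted:       %s\n' "$(run_quoted)"
    printf 'unquoted:     %s\n' "$(run_unquoted)"
    printf 'extra dollar: %s argument(s)\n' "$(count_extra_dollar)"
fi
```

Running it prints four bracketed arguments for the quoted form, five for the unquoted one (the path split in two), and a single argument for the extra-dollar form. The same check works on any script that assembles command-line options in an array: if a path or passphrase-file argument may ever contain whitespace, only the `"${array[@]}"` expansion is safe.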

recolic commented 2 years ago

Seems that the PR in this repo got overwritten by auto-sync. I'll merge this PR into the upstream repo.