My configuration:
- CentOS 6.5
- gnupg2-2.0.14-6.el6_4.x86_64
- gnupg2-smime-2.0.14-6.el6_4.x86_64

I configured gpg2 to use my signature key in a smartcard (gnupg V2.0). I imported my gpg signature key into the rpm store. I need to sign an rpm package using `rpm --addsign myApp.rpm`.

It works fine, but rpm prompts once for the smartcard PIN, and gpg2 (with the pinentry program) prompts three times for the smartcard PIN. I expected that `rpm --addsign` passes the PIN (entered at the first prompt) to gpg2 and that gpg2 doesn't ask again for the PIN.

Is it possible to have only one prompt to sign the rpm package with gpg2?
Best Answer
In order for the PIN to be cached you need to run gpg-agent, and your card should not have the forcesig bit set. AFAIK, by default, the cards are shipped with the forcesig bit set, which is more secure. You can see this using the `gpg --card-edit` command and look for the entry Signature PIN. According to the manual:

You can change the bit by using:

(Shameless plug: for more details on securely setting up a card, see my rant)
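The check the answer describes, as an added example that is not part of the original question or answer: it inspects the text that `gpg2 --card-status` prints, reports whether the card's forcesig bit is set (the "Signature PIN" entry), and reports whether gpg 2.0 can reach a running gpg-agent (which it locates through the GPG_AGENT_INFO environment variable). The two status texts embedded below are constructed samples that mimic the real output; the field name "Signature PIN" and the values "forced" / "not forced" are what gpg 2.0 prints, and the `--real` flag is an assumption of this script, not a gpg option.

```shell
#!/bin/sh
# Added example: decide whether the signature PIN can be cached for
# `rpm --addsign`. Two things must hold (per the answer above):
#   1. gpg-agent is running and reachable, and
#   2. the card's forcesig bit is NOT set ("Signature PIN ....: not forced").
# With forcesig set, the card demands the PIN for every single signature,
# so the three pinentry prompts seen in the question cannot be avoided
# by caching alone.

# forcesig_state TEXT -> prints one of: forced | not-forced | unknown
# TEXT is the output of `gpg2 --card-status`.
forcesig_state() {
    # Strip "Signature PIN ....: " and keep the value; the dots are padding.
    value=$(printf '%s\n' "$1" | sed -n 's/^Signature PIN *[.]*: *//p' | head -n 1)
    case "$value" in
        forced)       echo forced ;;
        "not forced") echo not-forced ;;
        *)            echo unknown ;;
    esac
}

# agent_reachable -> prints yes | no
# gpg 2.0.x finds its agent through GPG_AGENT_INFO; if it is unset,
# no PIN caching will happen regardless of the card setting.
agent_reachable() {
    if [ -n "$GPG_AGENT_INFO" ]; then echo yes; else echo no; fi
}

# Constructed sample: the shipped default, forcesig bit set.
SAMPLE_FORCED='Version ..........: 2.0
Signature PIN ....: forced
Max. PIN lengths .: 32 32 32
Signature counter : 7'

# Constructed sample after toggling the bit with the `forcesig` admin
# command inside `gpg2 --card-edit`.
SAMPLE_NOT_FORCED='Version ..........: 2.0
Signature PIN ....: not forced
Max. PIN lengths .: 32 32 32
Signature counter : 7'

# Usage: `sh check-card.sh` runs against the constructed sample;
# `sh check-card.sh --real` reads the inserted card (assumed flag, not a gpg option).
if [ "$1" = "--real" ]; then
    status=$(gpg2 --card-status 2>/dev/null) || status=""
else
    status=$SAMPLE_FORCED
fi

state=$(forcesig_state "$status")
agent=$(agent_reachable)
echo "forcesig bit: $state"
echo "gpg-agent reachable: $agent"
if [ "$state" = not-forced ] && [ "$agent" = yes ]; then
    echo "PIN caching possible: one prompt per agent session"
else
    echo "PIN caching NOT possible: expect a prompt per signature"
fi
```

Running it with `--real` on the configuration in the question should print `forcesig bit: forced` until the bit is toggled in `gpg2 --card-edit`; toggling it trades one PIN entry per signature for one per agent session, which is exactly the security trade-off the answer points out.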