How does gnupg interact with contactless cards? I know for a contact smartcard if I try to perform an operation with the card not present, I get a prompt to insert the card, and then I get a prompt to enter the PIN when inserting the card and continuing. A contactless card in a ring form-factor is unlikely to be on the reader for long, though... is gnupg aware of contactless readers and will it e.g. ask for your PIN without the card being present and then prompt you to tap the card?
I'm aware that's what Android apps like OpenKeychain do, but I haven't been able to find much information on how gnupg/pinentry/etc behave with contactless cards.
If you have experience with contact cards, then it's all the same as far as end applications are concerned, it's abstracted away.
> is gnupg aware of contactless readers and will it e.g. ask for your PIN without the card being present and then prompt you to tap the card?
No, it will behave as if there's no card/ring if you don't have it around the reader. Software polish is a weak point, e.g. things like `ssh-add -s /usr/lib/opensc-pkcs11.so` can be used to 'cache' the PIN for a session as far as `ssh -A` connection is concerned, but that's not exactly the height of usability.
Ahh, interesting. I suppose then testing when it's possible to insert/remove a contact card without disruption would give me a good idea of what to expect from a contactless card.
Thanks for the info!
EDIT: It seems like requesting a decryption, removing/inserting a Yubikey while the pinentry screen is up, then entering the PIN does not work. I suppose I've broken the session then. So I'm guessing to use a ring form-factor card, I'd have to keep the ring above the reader during the whole operation, which means I'd have to remove it to place on the reader and can't just keep it on/tap when needed.
Hm. That's a bit unfortunate.
(Also possible the Yubikey behaves differently as it's both reader and card in one... I don't have a dedicated reader set up to test with at the moment.)
EDIT 2: For anyone who comes across this later: no, a dedicated reader behaves the same way; once the pinentry prompt is open, you can't remove the card and reinsert without invalidating that request.