When unlocking the pin of a gnu smartcard in a gemalto usb shelltoken reader, by design it stays unlocked until you power down, remove or reload scdaemon. Whil this might be practical in some use cases, it might be undesired in conjunction with app-admin/pass as entering the pin only once, you can decrypt all passwords in the store. Reproducible: Always Steps to Reproduce: 1.pass Category/password 2.enter pin in pinentry Actual Results: the smartcard stays unlocked for decryption Expected Results: By default gnupg would clear the pass phrase after a timeout. This doesn't happen with the smartcard in the gemalto usb shelltoken reader.
Created attachment 460404 [details, diff] add USE smartcard
Created attachment 460406 [details, diff] reload scdaemon after decrypting a password to clear the pin