OpenPGP card and 4096 bit keys

Werner Koch wk at gnupg.org
Tue Oct 20 09:36:25 CEST 2009


On Mon, 19 Oct 2009 19:55, klaus at flittner.org said:

> I have an openpgp card that supports 4096 keys (even the one from
> kernelconcepts seems to support them). But the usage with gpg is

Note that cards up to a s/n of 0x15a (346) from Zeitcontrol have a bug
in that decryption does not work with keys larger than 2048 bit.

> As far as I've looked into the code the only two commands that cause a
> problem are:
> - genkey: Public Key is returned via status lines
> - decrypt: encrypted message is passed as an extra command

Right.

> In my opinion there are two possible ways to fix this limitation:
> 1. Increase the assuan line length limit (>1037 instead of 1000 bytes)

No.

> 2. Change the protocol used for genkey and decrypt
>    - genkey would then return the public key like readkey as s-expression
>    - decrypt would inquire the encrypted message instead of a setdata
>      before the call of decrypt

Right.  However, the change will be easier:  We send the key using
several status lines.

This will go into GnuPG 2.1 as time permits.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
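
Added example, not part of the original message and not GnuPG's code: why a hex-encoded 4096-bit value no longer fits one line under the 1000-byte limit discussed above, and how spreading it over several status lines stays within the limit. The status keyword `X-KEY-CHUNK`, the hex encoding and the sample byte strings are assumptions made for illustration, not the actual wire format.

```python
# Illustration only: keyword and framing are hypothetical, not GnuPG's protocol.
LINE_LIMIT = 1000            # line length limit quoted in the thread
KEYWORD = "X-KEY-CHUNK"      # hypothetical status keyword
PREFIX = "S " + KEYWORD + " "

# Constructed sample values standing in for RSA moduli.
MODULUS_2048 = bytes(range(256))        # 256 bytes = 2048 bit
MODULUS_4096 = bytes(range(256)) * 2    # 512 bytes = 4096 bit


def single_line(data):
    """Put the whole hex-encoded value on one status line (the failing case)."""
    return PREFIX + data.hex().upper()


def split_status_lines(data, limit=LINE_LIMIT):
    """Spread the hex-encoded value over several lines, each within limit."""
    room = (limit - len(PREFIX)) // 2 * 2   # keep hex byte pairs together
    if room <= 0:
        raise ValueError("limit too small for the status prefix")
    hexed = data.hex().upper()
    return [PREFIX + hexed[i:i + room] for i in range(0, len(hexed), room)]


def reassemble(lines, limit=LINE_LIMIT):
    """Receiver side: refuse over-long or foreign lines, then join the chunks."""
    parts = []
    for line in lines:
        if len(line) > limit:
            raise ValueError("line exceeds the line length limit")
        if not line.startswith(PREFIX):
            raise ValueError("unexpected status line")
        parts.append(line[len(PREFIX):])
    return bytes.fromhex("".join(parts))


if __name__ == "__main__":
    print(len(single_line(MODULUS_2048)), "bytes on one line for 2048 bit")
    print(len(single_line(MODULUS_4096)), "bytes on one line for 4096 bit")
    for line in split_status_lines(MODULUS_4096):
        print(len(line), line[:40] + "...")
```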
