OpenPGP card and 4096 bit keys

Klaus Flittner klaus at
Mon Oct 19 19:55:13 CEST 2009


I have an OpenPGP card that supports 4096 keys (even the one from
kernelconcepts seems to support them). But the usage with gpg is
restricted to 3072 bit due to limits from the communication protocol
between gpg, gpg-agent and scdaemon.

As far as I've looked into the code, the only two commands that cause a
problem are:
- genkey: Public Key is returned via status lines
- decrypt: encrypted message is passed as an extra command

In my opinion there are two possible ways to fix this limitation:
1. Increase the Assuan line length limit (>1037 instead of 1000 bytes)
2. Change the protocol used for genkey and decrypt
   - genkey would then return the public key like readkey as an s-expression
   - decrypt would inquire the encrypted message instead of a setdata
     before the call of decrypt

Does either of these two options have a chance of being included in GnuPG?

Klaus Flittner
