Card Size Selection

Nicholas Cole nicholas.cole at gmail.com
Tue May 25 17:17:27 CEST 2010


Dear Warner and David,

I've noticed something strange while experimenting with an OpenPGP
card version 2 using gpg 1.4.10.

I've put the transcripts of two --card-edit on-card generations below.

If I select size '3072' for the key size, three keys of 3072 bits are created.

If I select key size '2048', the size of key 2 is changed to 1024
automatically (with the message 'gpg: size of key 2 changed to 1024
bits').

If I use the user interface, and not --command-fd and --status-fd,
then everything works as expected (i.e. I can create 3 2048 keys).

What is going on?  Is it a bug?

Best wishes,

Nicholas

#### TRANSCRIPTS FOLLOW ############

Macintosh-2:~ nicholas$ gpg --command-fd 0  --with-colons --status-fd 1 --card-edit

gpg: detected reader `Gemplus GemPC Twin 00 00'
[GNUPG:] CARDCTRL 3 D2760001240102000005000004C40000
AID:D2760001240102000005000004C40000:openpgp-card:
version:0200:
vendor:0005:ZeitControl:
serial:000004C4:
name:::
lang:de:
sex:u:
url::
login::
forcepin:1:::
keyattr:1:1:2048:
keyattr:2:1:1024:
keyattr:3:1:2048:
maxpinlen:32:32:32:
pinretry:3:0:3:
sigcount:5:::
private_do:1::
private_do:2::
cafpr::::
fpr:6D483F1319B89F81D7B1F45D0E52F6FDA858F0BF:B1B1694833AE02DD6FEB66A2BE4797AB15F9741E:174C4604138F40F60F87E6947BAEEA320843A299:
fprtime:1274798826:1274798826:1274798826:
[GNUPG:] GET_LINE cardedit.prompt
genkey
[GNUPG:] GOT_IT

Invalid command  (try "help")

[GNUPG:] GET_LINE cardedit.prompt
create
[GNUPG:] GOT_IT

Invalid command  (try "help")

[GNUPG:] GET_LINE cardedit.prompt
admin
[GNUPG:] GOT_IT
Admin commands are allowed

[GNUPG:] GET_LINE cardedit.prompt

[GNUPG:] GET_LINE cardedit.prompt
generate
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE cardedit.genkeys.backup_enc
no
[GNUPG:] GOT_IT

gpg: NOTE: keys are already stored on the card!

[GNUPG:] GET_BOOL cardedit.genkeys.replace_keys
yes
[GNUPG:] GOT_IT

Please note that the factory settings of the PINs are
   PIN = `123456'     Admin PIN = `12345678'
You should change them using the command --change-pin

gpg: 3 Admin PIN attempts remaining before card is permanently locked
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 3 D2760001240102000005000004C40000

Please enter the Admin PIN
[GNUPG:] GET_HIDDEN passphrase.adminpin.ask
12345678
[GNUPG:] GOT_IT

[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 D2760001240102000005000004C40000

Please enter the PIN
[GNUPG:] GET_HIDDEN passphrase.pin.ask
123456
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE cardedit.genkeys.size
3072
[GNUPG:] GOT_IT
The card will now be re-configured to generate a key of 3072 bits
NOTE: There is no guarantee that the card supports the requested size.
      If the key generation does not succeed, please check the
      documentation of your card to see what sizes are allowed.
gpg: size of key 1 changed to 3072 bits
[GNUPG:] GET_LINE cardedit.genkeys.size
3072
[GNUPG:] GOT_IT
The card will now be re-configured to generate a key of 3072 bits
gpg: 3 Admin PIN attempts remaining before card is permanently locked
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 3

Please enter the Admin PIN
[GNUPG:] GET_HIDDEN passphrase.adminpin.ask
12345678
[GNUPG:] GOT_IT

gpg: size of key 2 changed to 3072 bits
[GNUPG:] GET_LINE cardedit.genkeys.size
3072
[GNUPG:] GOT_IT
The card will now be re-configured to generate a key of 3072 bits
gpg: 3 Admin PIN attempts remaining before card is permanently locked
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 3

Please enter the Admin PIN
[GNUPG:] GET_HIDDEN passphrase.adminpin.ask
12345678
[GNUPG:] GOT_IT

gpg: size of key 3 changed to 3072 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
[GNUPG:] GET_LINE keygen.valid
1
[GNUPG:] GOT_IT
Key expires at Wed 26 May 15:53:29 2010 BST

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"

[GNUPG:] GET_LINE keygen.name
Test Key Card
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keygen.email

[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keygen.comment

[GNUPG:] GOT_IT
You selected this USER-ID:
    "Test Key Card"

gpg: generating new key
gpg: 3 Admin PIN attempts remaining before card is permanently locked
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 3

Please enter the Admin PIN
[GNUPG:] GET_HIDDEN passphrase.adminpin.ask
12345678
[GNUPG:] GOT_IT

gpg: please wait while key is being generated ...
gpg: key generation completed (51 seconds)
gpg: signatures created so far: 0
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 D2760001240102000005000004C40000/E664B97130A3E2D466F4166CCAFD187A73D06E95

Please enter the PIN
[sigs done: 0]
[GNUPG:] GET_HIDDEN passphrase.pin.ask
123456
[GNUPG:] GOT_IT
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (72 seconds)
gpg: signatures created so far: 1
gpg: signatures created so far: 2
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (57 seconds)
gpg: signatures created so far: 3
gpg: signatures created so far: 4
gpg: key 73D06E95 marked as ultimately trusted
public and secret key created and signed.

pub:i:3072:1:CAFD187A73D06E95:2010-05-25:2010-05-26::u:Test Key Card::s:
fpr:::::::::E664B97130A3E2D466F4166CCAFD187A73D06E95:
sub:i:3072:1:E5BF8C59B71B2F52:2010-05-25:2010-05-26::::::
sub:i:3072:1:60DD34DD7DC5C462:2010-05-25:2010-05-26::::::
[GNUPG:] KEY_CREATED B E664B97130A3E2D466F4166CCAFD187A73D06E95

[GNUPG:] GET_LINE cardedit.prompt
generate
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE cardedit.genkeys.backup_enc
/tmp/backup-file
[GNUPG:] GOT_IT

gpg: NOTE: keys are already stored on the card!

[GNUPG:] GET_BOOL cardedit.genkeys.replace_keys
y
[GNUPG:] GOT_IT

Please note that the factory settings of the PINs are
   PIN = `123456'     Admin PIN = `12345678'
You should change them using the command --change-pin

[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 D2760001240102000005000004C40000

Please enter the PIN
[GNUPG:] GET_HIDDEN passphrase.pin.ask
123456
[GNUPG:] GOT_IT

[GNUPG:] GET_LINE cardedit.genkeys.size
2048
[GNUPG:] GOT_IT
The card will now be re-configured to generate a key of 2048 bits
gpg: size of key 1 changed to 2048 bits
[GNUPG:] GET_LINE cardedit.genkeys.size
2048
[GNUPG:] GOT_IT
The card will now be re-configured to generate a key of 2048 bits
gpg: 3 Admin PIN attempts remaining before card is permanently locked
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 3

Please enter the Admin PIN
[GNUPG:] GET_HIDDEN passphrase.adminpin.ask
12345678
[GNUPG:] GOT_IT

gpg: size of key 2 changed to 2048 bits
[GNUPG:] GET_LINE cardedit.genkeys.size
2048
[GNUPG:] GOT_IT
The card will now be re-configured to generate a key of 2048 bits
gpg: 3 Admin PIN attempts remaining before card is permanently locked
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 3

Please enter the Admin PIN
[GNUPG:] GET_HIDDEN passphrase.adminpin.ask
12345678
[GNUPG:] GOT_IT

gpg: size of key 3 changed to 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
[GNUPG:] GET_LINE keygen.valid
1
[GNUPG:] GOT_IT
Key expires at Wed 26 May 15:59:44 2010 BST

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"

[GNUPG:] GET_LINE keygen.name
Test Key Card 2
[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keygen.email

[GNUPG:] GOT_IT
[GNUPG:] GET_LINE keygen.comment

[GNUPG:] GOT_IT
You selected this USER-ID:
    "Test Key Card 2"

gpg: generating new key
gpg: 3 Admin PIN attempts remaining before card is permanently locked
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 3

Please enter the Admin PIN
[GNUPG:] GET_HIDDEN passphrase.adminpin.ask
12345678
[GNUPG:] GOT_IT

gpg: please wait while key is being generated ...
gpg: key generation completed (33 seconds)
gpg: signatures created so far: 0
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 D2760001240102000005000004C40000/18DCAE60403CEFCEE2519108C9A3D625C4FB8184

Please enter the PIN
[sigs done: 0]
[GNUPG:] GET_HIDDEN passphrase.pin.ask
123456
[GNUPG:] GOT_IT
gpg: generating new key
gpg: please wait while key is being generated ...
gpg: key generation completed (29 seconds)
gpg: signatures created so far: 1
gpg: signatures created so far: 2
You need a Passphrase to protect your secret key.

[GNUPG:] NEED_PASSPHRASE_SYM 3 3 2
[GNUPG:] GET_HIDDEN passphrase.enter
123456
[GNUPG:] GOT_IT
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen X 100 100
[GNUPG:] PROGRESS primegen . 0 0
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen + 0 0
[GNUPG:] PROGRESS primegen X 100 100
gpg: writing new key
gpg: size of key 2 changed to 1024 bits
gpg: 3 Admin PIN attempts remaining before card is permanently locked
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 3

Please enter the Admin PIN
[GNUPG:] GET_HIDDEN passphrase.adminpin.ask
12345678
[GNUPG:] GOT_IT
gpg: NOTE: backup of card key saved to `/Users/nicholas/.gnupg/sk_2CF23CCB5C4C0D99.gpg'
[GNUPG:] BACKUP_KEY_CREATED 8929C407CAE1B2BCC9707DAF2CF23CCB5C4C0D99 /Users/nicholas/.gnupg/sk_2CF23CCB5C4C0D99.gpg
gpg: signatures created so far: 3
[GNUPG:] NEED_PASSPHRASE_PIN OPENPGP 1 D2760001240102000005000004C40000/18DCAE60403CEFCEE2519108C9A3D625C4FB8184

Please enter the PIN
[sigs done: 3]
[GNUPG:] GET_HIDDEN passphrase.pin.ask
123456
[GNUPG:] GOT_IT
gpg: signatures created so far: 4
public and secret key created and signed.

pub:i:2048:1:C9A3D625C4FB8184:2010-05-25:2010-05-26::u:Test Key Card 2::s:
fpr:::::::::18DCAE60403CEFCEE2519108C9A3D625C4FB8184:
sub:i:2048:1:0854C8CA683554ED:2010-05-25:2010-05-26::::::
sub:i:1024:1:2CF23CCB5C4C0D99:2010-05-25:2010-05-26::::::
[GNUPG:] KEY_CREATED B 18DCAE60403CEFCEE2519108C9A3D625C4FB8184

[GNUPG:] GET_LINE cardedit.prompt
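
Added example (not part of the original message, and not GnuPG code): a check that a script driving --card-edit over --command-fd/--status-fd could run on a captured session to catch a key slot that ends up smaller than the size it asked for. It assumes the capture contains the echoed answers, as the transcripts above do, and that the Nth cardedit.genkeys.size prompt belongs to key slot N; the function name audit and the shortened SAMPLE excerpt are constructed for illustration.

```python
import re

SIZE_PROMPT = "[GNUPG:] GET_LINE cardedit.genkeys.size"
CHANGED = re.compile(r"gpg: size of key (\d+) changed to (\d+)")

# Constructed sample: a shortened excerpt of the second run in the post,
# with one message indented and wrapped the way a terminal capture can leave it.
SAMPLE = """\
[GNUPG:] GET_LINE cardedit.genkeys.size
2048
[GNUPG:] GOT_IT
gpg: size of key 1 changed to 2048 bits
[GNUPG:] GET_LINE cardedit.genkeys.size
2048
[GNUPG:] GOT_IT
         gpg: size of key 2 changed to 2048
bits
[GNUPG:] GET_LINE cardedit.genkeys.size
2048
[GNUPG:] GOT_IT
gpg: size of key 3 changed to 2048 bits
gpg: writing new key
gpg: size of key 2 changed to 1024 bits
pub:i:2048:1:C9A3D625C4FB8184:2010-05-25:2010-05-26::u:Test Key Card 2::s:
sub:i:2048:1:0854C8CA683554ED:2010-05-25:2010-05-26::::::
sub:i:1024:1:2CF23CCB5C4C0D99:2010-05-25:2010-05-26::::::
"""

def audit(transcript):
    """Return (requested, final, downgraded, undersized) for one generate run."""
    lines = [ln.strip() for ln in transcript.splitlines()]
    requested, final, records = [], {}, []
    for i, ln in enumerate(lines):
        if ln == SIZE_PROMPT and i + 1 < len(lines) and lines[i + 1].isdigit():
            requested.append(int(lines[i + 1]))      # echoed answer to the prompt
        m = CHANGED.search(ln)
        if m:
            final[int(m.group(1))] = int(m.group(2))  # the last message per slot wins
        f = ln.split(":")
        if f[0] in ("pub", "sub") and len(f) > 4 and f[2].isdigit():
            records.append((f[4], int(f[2])))         # (key ID, bits) from --with-colons
    # Slots whose final size is below what was answered at the matching prompt.
    downgraded = {slot: (requested[slot - 1], bits) for slot, bits in final.items()
                  if slot <= len(requested) and bits < requested[slot - 1]}
    floor = min(requested) if requested else 0
    undersized = [kid for kid, bits in records if bits < floor]
    return requested, final, downgraded, undersized

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty downgraded or undersized result means the run should be treated as failed rather than trusted on the strength of KEY_CREATED alone.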


