Patch for 4096-bit keys on OpenPGP cards

Chris Boyle chris at
Wed Mar 30 16:08:01 CEST 2011

I've written a patch[0] (N.B.: ugly first attempt) to remove the
current 3072-bit hardware key size limit relating to the Assuan line
length, and last night successfully used it to generate (and encrypt,
decrypt, sign and verify with) a 4096-bit key on an OpenPGP device[1].
This is against 2.0.17 currently, because smartcards in 2.1 appear to
be part-way through an architectural change[2] and I'm impatient. :-)
I realise I'm working behind the curve here and am happy to redo this
once cards work in >=2.1. The patch uses s-expressions instead of
status lines to return the key from key generation (it seems software
key generation already did this), and inquiries instead of SETDATA for
the input to PKDECRYPT.

There are at least the following things wrong with this:

 * It is a flag day between gpg2, gpg-agent and scdaemon (i.e. if any
of them are not upgraded, generation/decryption with cards will fail),
and it doesn't need to be. It could still send the SETDATA commands /
status lines, if the key is small enough.
 * I was getting just version info and an exit(0) when trying gpg2
--card-edit $MY_NEW_KEY_ID, and haven't investigated why yet.
 * I have not checked that I haven't broken things with any other
hardware. I only have the Crypto Stick.
 * It refuses to attempt >4096 bits; perhaps future cards will allow that.
 * Changelogs/docs changes might be incomplete.
 * Nobody else has seen it yet. :-)

I hope to eventually see this capability merged, whether by this
method or some other, but I don't know if there's any interest in
doing so before 2.1? I am guessing not. Anyway, it is useful to me
here and now, which is why I wrote it. I'll continue to tidy it up a
bit: I guess fix the first two problems in that list. Obviously if
anyone wants to tell me more about anything I should change in order
to get it merged, I'm all ears.

(At some point, I will want to start "production" use of my Crypto
Stick, without a backup of the key, at which point I would need to buy
another in order to test key generation again, since it only has
capacity for one key (3 RSA pairs). Wondering whether to splash out
for that sooner or later.)


Chris Boyle

More information about the Gnupg-devel mailing list