FAQ: Re: key length

Werner Koch wk at gnupg.org
Thu Aug 7 15:51:56 CEST 2014


On Thu,  7 Aug 2014 01:12, gniibe at fsij.org said:

> Card implementation can support multiple key lengths.  There is a bit
> defined in the extended card capabilities, and when it's set, host can
> write the key attributes to change its key length (if such a key

Let me remark that there is no way to know what key lengths are supported
by the card.  Unless we want to check out the vendor and ranges of card
numbers.  This is the reason why you see a warning prompt if you try to
use a different key length.

> It just means: You can't put your private keys to (some) OpenPGP card
> implementation if its key size or algorithm is not supported by the
> card/token.

Hopefully we will eventually settle for Ed25519 and Curve25519 as
standard algorithms.  It is definitely something I'd like to see in a new
card or a "mass" production gnuk token.  The recent USB firmware hacks
may actually help to favor a non-secure chip with open firmware (gnuk)
over an unknown-firmware card-reader+card solution.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
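
The capability bit and the warning prompt discussed in this message, as an added C example that is not part of the original post and not GnuPG's code. The bit value (0x04 in the first Extended Capabilities byte) and the RSA attribute layout are taken from the OpenPGP card specification rather than from this thread; the function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bit in the first byte of the Extended Capabilities data object:
   "algorithm attributes changeable" (per the OpenPGP card spec). */
#define EXTCAP_ALGO_ATTR_CHANGEABLE 0x04

enum verdict { SAME_AS_CARD, FIXED_BY_CARD, UNKNOWN_MUST_TRY, BAD_DATA };

/* Constructed sample objects, not read from a real card. */
const uint8_t SAMPLE_EXTCAP[] = { 0x74, 0x00, 0x00, 0x20 };
const uint8_t SAMPLE_ATTR[]   = { 0x01, 0x08, 0x00, 0x00, 0x20, 0x00 };

/* Current RSA modulus length in bits from an Algorithm Attributes object
   (algorithm id 0x01, then a 2-byte big-endian modulus length).
   Returns 0 when the object is too short or not RSA. */
static unsigned rsa_bits(const uint8_t *attr, size_t len)
{
    if (len < 3 || attr[0] != 0x01)
        return 0;
    return ((unsigned)attr[1] << 8) | attr[2];
}

/* Decide what the host can say about a requested key length. */
enum verdict check_key_length(const uint8_t *extcap, size_t extcap_len,
                              const uint8_t *attr, size_t attr_len,
                              unsigned wanted_bits)
{
    unsigned current = rsa_bits(attr, attr_len);
    if (extcap_len < 1 || current == 0)
        return BAD_DATA;
    if (wanted_bits == current)
        return SAME_AS_CARD;
    if (!(extcap[0] & EXTCAP_ALGO_ATTR_CHANGEABLE))
        return FIXED_BY_CARD;
    /* The bit says the attributes may be rewritten, not which lengths the
       card accepts: the host can only warn and attempt the write. */
    return UNKNOWN_MUST_TRY;
}

int main(void)
{
    enum verdict v = check_key_length(SAMPLE_EXTCAP, sizeof SAMPLE_EXTCAP,
                                      SAMPLE_ATTR, sizeof SAMPLE_ATTR, 4096);
    printf("verdict for 4096 bits: %d\n", (int)v);
    return 0;
}
```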



