Using Scute with a 4096-bit key and TLSv1.2?

Nicolas Boullis nicolas.boullis at
Tue Sep 27 12:23:22 CEST 2016


I’ve long been using GnuPG with a PKCS#15 token, through OpenSC and 
gnupg-pkcs11-scd. Then I switched to an OpenPGP smartcard, and I’m very 
happy with the (much) simpler configuration and the ability to use my 
smartcard for SSH authentication.

Now, I’d love it if I could also use my smartcard for https 
authentication with client certificate, so I gave a try to Scute.

First issue: I have 4096-bit keys, which the current release of scute 
(1.4.0) does not handle. Fortunately, the problem is fixed in git.

Second issue: also it now seems to work fine with TLSv1.1, it fails with 
TLSv1.2. Firefox reports:
    A PKCS #11 module returned CKR_FUNCTION_FAILED, indicating that the 
    requested function could not be performed. Trying the same operation 
    again might succeed. Error code: SEC_ERROR_PKCS11_FUNCTION_FAILED

As far as I can see, this problem was discussed 2 years ago on this 
and the commit e22c8cfa12849b215f16afb34f7a5dc233dbc70a seems to be 
meant to address this problem…

Any idea how I can have this problem fixed?
I am no crypto-guru and probably can’t solve this problem all by myself, 
but I’d be happy to test things…

BTW, are there plans to release Scute 1.5.0 anytime soon?

FWIW, I’m running Debian 8.6 (Jessie) with the provided GnuPG; I only 
tried tu build Scute from git.


Nicolas Boullis

More information about the Gnupg-devel mailing list