smart card with 4096 bit keys

Simon Richter Simon.Richter at
Wed Apr 28 21:44:16 CEST 2010


On Wed, Apr 28, 2010 at 07:37:49PM +0200, Joke de Buhr wrote:


> Within an email developers stated the usb stick itself could handle keys with 
> a length of 4096 but gnupg doesn't support these key lengths.

The key length is limited by the card firmware. For each crypto
operation, a data block with the same size as the key needs to be
transferred to the card, which needs to have buffer space available for
the data.

While the crypto processor itself can handle 4096 bit keys, the code
running on the card that implements the card "file system" and prods the
crypto unit to work cannot handle that (and a bug in the decryption code
also precludes using 3072 bit "encryption" keys).

> Is there any way of transferring my existing 4096 bit keys to the card. 
> Generating new 3072 bit keys worked fine but it would be a lot better if I 
> could stick to my 4096 keys.

You can use the card for subkeys only.


More information about the Gnupg-users mailing list