Trying to create auth key on GPF CryptoStick

Paul Hartman paul.hartman at gmail.com
Mon Jan 2 18:25:43 CET 2012


On Mon, Jan 2, 2012 at 2:01 AM, Martin Gollowitzer <gollo at fsfe.org> wrote:
> * Paul Hartman <paul.hartman at gmail.com> [120102 08:52,
>  mID <CAEH5T2O4HFyOFTKi8Bm16gXwcZhBpTmVQz7NQiQBW3yKmh5_LA at mail.gmail.com>]:
>
>> Hi,
>>
>> I got a GPF CryptoStick 1.2 yesterday and have successfully added my
>> new signing and encrypting subkeys to the card using GPG 2.0.18 and
>> using it without trouble so far for those purposes. However, when I
>> tried to create an authentication key it gives this error twice:
>> gpg: key generation failed: Card error
>> gpg: Key generation failed: Card error
>>
>> To get there, I ran "gpg --edit-key <my keynum>", then "addcardkey"
>> command, chose Authentication key, 4096 keysize, enter the requested
>> PINs and passphrase, but it results in the error above.
>>
>> It is likely I'm doing something wrong, but am not sure what... if
>> someone has any clues, it is appreciated if you can point me in the
>> right direction.
>
> Even v2 cards can't carry 4096 Bit keys. The maximum size is 3072 Bits
> IIRC.

Hi Martin,

The Crypto-Stick website states that it supported 4096-bit keys when using
gnupg 2.0.18, and my signing and encryption subkeys on the card are in
fact already 4096 bits, but they were created with gnupg on my PC and
then transferred to the card, whereas the auth key creation is
happening on the card itself, so maybe it has different limitations in
this scenario (card-generated vs PC-generated). As far as I can tell,
creation of the auth key outside of the smartcard is not supported.

I just tried 3072 bits and it worked. Thanks!


