Problem: cannot generate / copy keys larger than 1024bit on my OpenPGP-compatible card

[Branko Majic]

On Sun, 3 Jun 2012 17:45:16 +0200
Robin Kipp <mlists at robin-kipp.net> wrote:

> Hi,
> 
> Am 03.06.2012 um 16:46 schrieb Branko Majic:
> 
> > Well, OmniKey is famous for not working with stock libccid and
> > extended apdus. I had such problems with the OpenSC pkcs#11 and
> > pcscd. Can you try smaller key sizes (never worked with OpenPGP,
> > but it "solved" the issue for me - using 1k keys instead of 2k)
> 
> Wow... That's unfortunate for me... Yes, I can generate keys up to
> 1024-bit in length on the card. However, as I'd much rather use
> 2048-bit keys, I guess I'll just have to sort things out with the
> retailer I got it from... Can you recommend another brand that
> produces readers which are easier to use? E.g. Gemalto or G&D or
> anything in that direction. Thanks a lot! Robin

One thing I forgot to add (I was typing on a telephone) was that in
case of pcscd you can use the extended APDU, but only if you're using
the proprietary driver from OmniKey (pcsc-omnikey in Debian/Ubuntu
non-free, for example). If gnupg goes through the psccd, this could
allow you use of larger keys. A useful page for you should also be (the
"CCID/ICCD readers" section):

http://pcsclite.alioth.debian.org/ccid.html

This driver collides with libccid, btw, so only one of those can be
active at the same time. The proprietary driver also provides the
contactless reader capability (almost nobody makes CCID-compliant
contactless readers unfortunately).

Best regards


-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Џабер: branko at majic.rs
Молим вас да додатке шаљете искључиво у слободним форматима.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20120603/1961bab7/attachment.pgp>