key length for smart card key generation

Josef Schneider josef at
Wed Feb 27 12:03:22 CET 2013

with the current version of GPG 2 you can import 4096bit keys to a
OpenPGP smartcard version 2.0.
There is a bug in GPG2 that prevents it from decrypting data with a
key longer than 3072bit on a OpenPGP smartcard. This should be fixed
in the GIT repository.
AFAIK a version 1 card doesn't support keys longer than 1024bit! "gpg
--card-status" should tell you which version you have.

Best regards,
Josef Schneider

On Tue, Feb 26, 2013 at 7:04 PM, Anonymous Remailer (austria)
<mixmaster at> wrote:
> Hello,
> I am able to use the gpg2 --edit-card to generate a 2048 bit secret key
> on the card and the stub in the local key ring.  Encrypt/Decrypt
> functionality seems to be working.
> I read two other old posts on this list that seem to indicate that this
> is all gnupg supports:
> * You cannot import existing secret keys to the card
> * You cannot choose different key lengths for the keys
> Is that correct?  Do I need to use a different tool to put 4096 bit
> keys on my card?  Can anyone recommend which (free/linux/unix) tool to use to
> manage keys on the smart card?
> (When I try to use the gpg2 --edit-key, and then keytocard, I get an
> error saying importing keys is not supported).
> Thanks
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

More information about the Gnupg-users mailing list