key length for smart card key generation

Josef Schneider josef at netpage.dk
Wed Feb 27 12:03:22 CET 2013


Hello,
with the current version of GPG 2 you can import 4096bit keys to a
OpenPGP smartcard version 2.0.
There is a bug in GPG2 that prevents it from decrypting data with a
key longer than 3072bit on a OpenPGP smartcard. This should be fixed
in the GIT repository.
AFAIK a version 1 card doesn't support keys longer than 1024bit! "gpg
--card-status" should tell you which version you have.



Best regards,
Josef Schneider


On Tue, Feb 26, 2013 at 7:04 PM, Anonymous Remailer (austria)
<mixmaster at remailer.privacy.at> wrote:
>
>
>
> Hello,
>
> I am able to use the gpg2 --edit-card to generate a 2048 bit secret key
> on the card and the stub in the local key ring.  Encrypt/Decrypt
> functionality seems to be working.
>
> I read two other old posts on this list that seem to indicate that this
> is all gnupg supports:
> * You cannot import existing secret keys to the card
> * You cannot choose different key lengths for the keys
>
> Is that correct?  Do I need to use a different tool to put 4096 bit
> keys on my card?  Can anyone recommend which (free/linux/unix) tool to use to
> manage keys on the smart card?
>
> (When I try to use the gpg2 --edit-key, and then keytocard, I get an
> error saying importing keys is not supported).
>
> Thanks
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



More information about the Gnupg-users mailing list