SmartCard decryption issues
beckus at beckus.eu
Wed Nov 11 09:31:39 CET 2015
On 11/10/15 02:53, NIIBE Yutaka wrote:
> On 11/09/2015 11:50 PM, Christopher Beck wrote:
>> I have got two sub-keys on the card, one for signing and one for
>> decryption. Both keys are 4096 bit in size. The issues are only on the
>> decrypting process: Signing works well, but when I try to decrypt
>> something (an e-mail or an encrypted file) it just says, there is no
>> secret key. I switched on debugging output and it tells me:
>> "public key decryption failed: General error
>> decryption failed: No secret key"
>> I checked $ gpg -K and $ gpg --card-status and so on, and it tells me
>> exactly the same I can see on my other computers: there are two keys
>> available on the smart-card. So I am wondering, what the problem is. The
>> version of gpg is 2.0.14 on scientific linux 6.
> I think that 2.0.14 doesn't work well for RSA-4096 decryption on card.
> It was 2.0.20 (in 2013) which fixed this problem. (The error message
> was not kind enough, it did not correctly describe the issue.)
> The problem was, in short, the size of data. The smartcard was designed
> to handle "small" data, but RSA-4096 is way too big for old design
> assumptions. In case of signing, because the signature is not that
> big, it works well. It doesn't work for decryption, since the data
> size is 4096-bit (= 512-byte). Traditionally, the smartcard was designed
> with the assumption that 256 bytes is considered "big", and host software
> for smartcards assumed the data size is less than 256 bytes.

Thanks. Then I'll have to upgrade it.

I use GnuPG (GPG) for E-Mail encryption and signing. If you want some privacy, my public key ID is 2F9D4F14. The file "singature.asc" this message includes contains a cryptographic signature which enables you to verify this E-Mail really was written by me.
Christopher Beck, DL1CHB
Tel.: 09131 / 9245437
Fax.: 09131 / 8148708
Jabber: beckus at jabber.org
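
The 256-byte limit described in the reply above, as an added example (not part of the original thread and not GnuPG code): a short ISO 7816-4 APDU has a one-byte length field, so an RSA-4096 decryption request needs either extended length or command chaining. The PSO:DECIPHER header bytes and the leading padding-indicator byte follow the OpenPGP card specification; the cryptogram is a constructed run of zero bytes, and the thread does not say which mechanism the 2.0.20 fix relies on.

```python
# Added illustration, not GnuPG/scdaemon code. APDU layout per ISO 7816-4.
PSO_DECIPHER = bytes([0x00, 0x2A, 0x80, 0x86])  # CLA INS P1 P2, OpenPGP card
SHORT_MAX = 255  # a short APDU carries its data length in one Lc byte


def short_apdu(data, cla=0x00, with_le=True):
    """Short form: one-byte Lc, so at most 255 bytes of command data."""
    if not 1 <= len(data) <= SHORT_MAX:
        raise ValueError(f"{len(data)} bytes do not fit a one-byte Lc")
    apdu = bytes([cla]) + PSO_DECIPHER[1:] + bytes([len(data)]) + data
    return apdu + b"\x00" if with_le else apdu  # Le=00: up to 256 bytes back


def extended_apdu(data):
    """Extended length: Lc is 00 plus two bytes, Le is two bytes."""
    if not 1 <= len(data) <= 0xFFFF:
        raise ValueError("length out of range for an extended Lc")
    lc = b"\x00" + len(data).to_bytes(2, "big")
    return PSO_DECIPHER + lc + data + b"\x00\x00"


def chained_apdus(data, chunk=SHORT_MAX):
    """Command chaining: short APDUs, CLA bit 0x10 on all but the last."""
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    last = len(parts) - 1
    return [short_apdu(p, cla=0x00 if i == last else 0x10, with_le=(i == last))
            for i, p in enumerate(parts)]


def decipher_payload(rsa_bits):
    """Constructed sample: padding indicator 00 plus an all-zero cryptogram."""
    return b"\x00" + bytes(rsa_bits // 8)


def fits_short(data):
    """True when the data can be sent in a single short APDU."""
    try:
        short_apdu(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    payload = decipher_payload(4096)
    print(len(payload), "bytes, short APDU ok:", fits_short(payload))
    print("extended:", extended_apdu(payload)[:7].hex(), "...")
    print("chained :", [a[:5].hex() for a in chained_apdus(payload)])
```
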