SmartCard decryption issues

Christopher Beck beckus at beckus.eu
Wed Nov 11 09:31:39 CET 2015


On 11/10/15 02:53, NIIBE Yutaka wrote:
> On 11/09/2015 11:50 PM, Christopher Beck wrote:
>> I have got two sub-keys on the card, one for signing and one for
>> decryption. Both keys are 4096 bit in size. The issues are only on the
>> decrypting process: Signing works well, but when I try to decrypt
>> something (an e-mail or an encrypted file) it just says, there is no
>> secret key. I switched on debugging output and it tells me:
>>
>> "public key decryption failed: General error
>> decryption failed: No secret key"
>>
>> I checked $ gpg -K and $ gpg --card-status and so on, and it tells me
>> exactly the same I can see on my other computers: there are two keys
>> available on the smart-card. So I am wondering, what the problem is. The
>> version of gpg is 2.0.14 on scientific linux 6.
> I think that 2.0.14 doesn't work well for RSA-4096 decryption on card.
> It was 2.0.20 (in 2013) which fixed this problem.  (The error message
> was not kind enough; it does not correctly describe the issue.)
>
> The problem was, in short, the size of data.  Smartcards were designed
> to handle "small" data, but RSA-4096 is way too big for old design
> assumptions.  In case of signing, because the signature is not that
> big, it works well.  It doesn't work for decryption, since the data
> size is 4096 bits (= 512 bytes).  Traditionally, smartcards were designed
> with the assumption that 256 bytes is considered "big", and host software
> for smartcards assumed the data size is less than 256 bytes.
Hi,

thanks. Then I'll have to upgrade it.

Best Regards

Christopher

-- 
I use GnuPG (GPG) for E-Mail encryption and signing. If you want some privacy, my public key ID is 2F9D4F14. The file "signature.asc" this message includes contains a cryptographic signature which enables you to verify this E-Mail really was written by me.

Christopher Beck, DL1CHB

Gerhart-Hauptmann-Str. 1
91058 Erlangen
Tel.: 09131 / 9245437
Fax.: 09131 / 8148708
Jabber: beckus at jabber.org
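
The size limit described in the quoted reply, as an added example that is not part of the original message and is not GnuPG's code: a 512-byte RSA-4096 cryptogram cannot be carried in a short ISO 7816-4 command APDU, whose Lc length field is a single byte, so the host must use either extended length or command chaining. The function names, the all-zero sample cryptogram and the 254-byte chaining block size are assumptions made for illustration; which of the two transports a given card accepts depends on the card.

```python
# Added illustration, not GnuPG code: ISO 7816-4 command APDU encodings for
# the OpenPGP card PSO:DECIPHER command (CLA 00, INS 2A, P1 80, P2 86).
CLA, INS, P1, P2 = 0x00, 0x2A, 0x80, 0x86
CHAIN = 0x10  # CLA bit 5: "more command blocks follow"


def decipher_field(cryptogram):
    """Data field for RSA: padding indicator byte 00, then the cryptogram."""
    return b"\x00" + cryptogram


def short_apdu(data, cla=CLA, le=True):
    """Short form: Lc is a single byte, so at most 255 data bytes."""
    if not 1 <= len(data) <= 255:
        raise ValueError(f"{len(data)} bytes do not fit a one-byte Lc")
    return bytes([cla, INS, P1, P2, len(data)]) + data + (b"\x00" if le else b"")


def extended_apdu(data):
    """Extended form: Lc is 00 plus two bytes, up to 65535 data bytes."""
    if not 1 <= len(data) <= 0xFFFF:
        raise ValueError("data length outside extended Lc range")
    lc = b"\x00" + len(data).to_bytes(2, "big")
    return bytes([CLA, INS, P1, P2]) + lc + data + b"\x00\x00"


def chained_apdus(data, block=254):
    """Command chaining: short APDUs, chaining bit on all but the last."""
    if not data:
        raise ValueError("nothing to send")
    blocks = [data[i:i + block] for i in range(0, len(data), block)]
    # Intermediate blocks carry no Le; only the final command expects a reply.
    head = [short_apdu(b, CLA | CHAIN, le=False) for b in blocks[:-1]]
    return head + [short_apdu(blocks[-1])]


if __name__ == "__main__":
    field = decipher_field(bytes(512))  # constructed all-zero RSA-4096 cryptogram
    try:
        short_apdu(field)
    except ValueError as exc:
        print("short APDU:", exc)
    print("extended APDU:", len(extended_apdu(field)), "bytes")
    print("chained APDUs:", [len(a) for a in chained_apdus(field)])
```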

