Generating 4096 bit key fails – why?

Felix E. Klee felix.klee at
Tue Oct 27 11:11:04 CET 2015

As already mentioned in the October 2015 thread “Bad secret key” on
<Gpg4win-users-de at>, I cannot generate a 4096 bit on
my [OpenPGP card][1]. What could be the issue?


    $ uname -a
    Linux felix-arch 4.2.3-1-ARCH #1 SMP PREEMPT Sat Oct 3 18:52:50 CEST
    2015 x86_64 GNU/Linux
    $ gpg --version
    gpg (GnuPG) 2.1.9
    libgcrypt 1.6.4
    $ gpg --card-edit

    Application ID ...: D2760001240102010005000040D80000
    Version ..........: 2.1
    Manufacturer .....: ZeitControl
    Serial number ....: 000040D8
    Name of cardholder: Felix Klee
    Language prefs ...: de
    Sex ..............: unspecified
    URL of public key : [not set]
    Login data .......: [not set]
    Signature PIN ....: not forced
    Key attributes ...: rsa2048 rsa2048 rsa2048
    Max. PIN lengths .: 32 32 32
    PIN retry counter : 3 0 3
    Signature counter : 0
    Signature key ....: [none]
    Encryption key....: [none]
    Authentication key: [none]
    General key info..: [none]

    gpg/card> admin
    Admin commands are allowed

    gpg/card> generate
    Make off-card backup of encryption key? (Y/n) n
    What keysize do you want for the Signature key? (2048) 4096
    The card will now be re-configured to generate a key of 4096 bits
    Note: There is no guarantee that the card supports the requested
          size. If the key generation does not succeed, please check the
          documentation of your card to see what sizes are allowed.
    gpg: error changing size of key 1 to 4096 bits: Invalid data


More information about the Gnupg-users mailing list