OpenPGP card v2.1 and Cherry ST-2000U - Only 1024-bit keys are possible

NIIBE Yutaka gniibe at
Tue Sep 15 09:29:23 CEST 2015

On 09/11/2015 08:14 PM, Guan Xin wrote:
> I tried the combination of
>   pcsc-lite-1.8.14
>   ccid-1.4.20
>   gnupg-2.0.29 (configured with --disable-ccid-driver)
> Both 2048 and 4096-bit keys can be generated without error.
> Also tried gnupg-2.0.29 using its internal ccid-driver with debug output
> enabled in "$HOME/.gnupg/scdaemon.conf". There was indeed a timeout.

Thank you for your confirmation.

Well, I'm going to fix ccid-driver of GnuPG scdaemon to support
OpenPGPcard v2.1 correctly.

Currently, ccid-driver's timeout is 5 seconds.  If I calculate it
correctly, the timeout for OpenPGPcard v2.0 is (3.3 + 1) = 4.3 seconds
by pcscd+libccid.

I think that timeout for OpenPGPcard v2.1 would be different.  If
possible, could you please show us the ATR string of the card?
It's in the debug log of scdaemon.  It's like the like:

slot 0: ATR=xx xx xx xx xx xx xx xx ...

This ATR string defines the timeout of communication.

More information about the Gnupg-users mailing list