Problems with 4096 keys on 2.1 card

Jorgen Ottosson list.gnupg-users at
Tue Jan 26 00:18:26 CET 2016

On 25 Jan 2016 at 21:07, NIIBE Yutaka wrote:

> However, please note that many card readers have problems with larger
> APDU.  Generating keys on card should be ok, but importing keys would
> be failed with bad reader.  Signing should be ok, but decryption would
> be failed with bad reader.  That's because of length of APDU.
> --

Can't really confirm that here, generating seem not to work either.

gpg --card-status

Version ..........: 2.1
Manufacturer .....: ZeitControl
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Private DO 1 .....: [not set]
Private DO 2 .....: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg --card-edit

gpg/card> admin

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n
Please enter the PIN
What keysize do you want for the Signature key? (2048) 4096
RSA keysizes must be in the range 1024-3072
What keysize do you want for the Signature key? (2048)
gpg: Interrupt caught ... exiting

SO: it seems the card will not generate larger keys then.
I have several readers but am testing here with SCR335.

Any way to pin-point my issue in more detail? Is my reader known to not
support 4096? Info on readers who will? I also have a scr3500 somewhere
but think I'll have to install drivers for that one to work, the SCR335
work with internal gpg drivers if I'm not mistaken whereas the 3500 don't
work when attached as is.

I also find it somewhat hard to get info on support for "Extended length"
in several card reader's product-info pdfs I've looked at.


More information about the Gnupg-users mailing list