Problems with 4096 keys on 2.1 card

Jorgen Ottosson list.gnupg-users at acme.nu
Tue Jan 26 23:59:22 CET 2016


Thanks to you both for commenting on this, I do remember the 335 being one
of the most original readers to work without much hassle.


> Please note that GnuPG 1.4 supports up to 3072-bit.  This is because
> of an internal library limitation.
>
> I believe that "gpg" in Ubuntu is GnuPG 1.4.  It is "gpg2" when we
> want to use GnuPG 2.0.

Ok, well I thought it kinda used the 2 branch anyway when doing stuff with
cards, I may have misunderstood that - see commands further down though,
switching to "gpg2" does not work.


> Besides, generating a key with off-card backup is actually done by two
> steps:
>
>   * generating a key on host PC
>   * importing that key to card

I know, that was just for showing generate command bailing.


> Unfortunately, I don't have specific information (if card reader works
> with RSA-4096 or not), either.  I maintain this list for the internal
> driver.
>
>     https://wiki.debian.org/GnuPG/CCID_Driver

Nice link.


> According to this list, SCR3500 works well with the internal driver of
> GnuPG.

That's weird. Dead here without additional drivers, used it on another
installation, also Ubuntu but installed some kind of driver so guess I
didn't use the internal then either.


> In general, the list by PCSC-lite helps.
>
>     https://pcsclite.alioth.debian.org/ccid/supported.html
>
> Looking at the device info, both the SCR335 and SCR3500 work with TPDU
> level exchange.  Thus, I believe that both work well for RSA-4096
> keys.

Then I should be able to do some things differently..


Some misc. commands:

$ gpg --version
gpg (GnuPG) 1.4.16
..


$ gpg2 --version
gpg (GnuPG) 2.0.22
..


$ gpg --list-keys

-> works

$ gpg2 --list-keys

also works

However:

$ gpg --card-status

-> works

whereas gpg2 does NOT. (should it really? - but it is listed in help
output though)

$ gpg2 --card-status
gpg: selecting openpgp failed: Unsupported certificate
gpg: OpenPGP card not available: Unsupported certificate


NOTE: v2.1 card inserted in attached SCR335 reader all the time above.


Not sure if there's something here confusing me or I need to buy (yet)
another reader or what..
Maybe I can turn on debugging somewhere to solve this, really need to use
a couple of 4096 subkeys so this is kinda bugging me.


TIA,





