Problems with 4096 keys on 2.1 card
list.gnupg-users at acme.nu
Tue Jan 26 23:59:22 CET 2016
Thanks to you both for commenting on this, I do remember the 335 being one
of the most original readers to work without much hazzle.
> Please note that GnuPG 1.4 supports up to 3072-bit. This is because
> of internal library limitation.
> I believe that "gpg" in Ubuntu is GnuPG 1.4. It is "gpg2" when we
> want to use GnuPG 2.0.
Ok, well I thought it kinda used the 2 branch anyway when doing stuff with
cards, I may have misunderstood that - see commands further down though,
switching to "gpg2" does not work.
> Besides, generating a key with off-card backup is actually done by two
> * generating a key on host PC
> * importing that key to card
I know, that was just for showing generate command bailing.
> Unfortunately, I don't have specific information (if card reader works
> with RSA-4096 or not), either. I maintain this list for internal
> According to this list, SCR3500 works well with the internal driver of
That's weird. Dead here without additional drivers, used it on another
installation, also Ubuntu but installed some kind of driver so guess I
didn't use the internal then either.
> In general, the list by PCSC-lite helps.
> Looking the device info, both of SCR335 and SCR3500 work with TPDU
> level exchange. Thus, I believe that both works well for RSA-4096
Then I should be able to do some things differently..
Some misc. commands:
$ gpg --version
gpg (GnuPG) 1.4.16
$ gpg2 --version
gpg (GnuPG) 2.0.22
$ gpg --list-keys
$ gpg2 --list-keys
$ gpg --card-status
whereas gpg2 does NOT. (should it really? - but it is listed in help
$ gpg2 --card-status
gpg: selecting openpgp failed: Unsupported certificate
gpg: OpenPGP card not available: Unsupported certificate
NOTE: v2.1 card inserted in attached SCR335 reader all the time above.
Not sure if there's something here confusing me or I need to buy (yet)
another reader or what..
Maybe I can turn on debugging somewhere to solve this, really need to use
a couple of 4096 subkeys so this is kinda bugging me.
More information about the Gnupg-users