Problems with 4096 keys on 2.1 card

NIIBE Yutaka gniibe at
Wed Jan 27 00:52:32 CET 2016

On 01/27/2016 07:59 AM, Jorgen Ottosson wrote:
> $ gpg --card-status
> -> works

Yes.  GnuPG 1.4 works here, but it doesn't work for RSA-4096 keys.
I guess that you don't configure GnuPG 1.4 to use gpg-agent.
In that setting, gpg tries to connect to your reader directly.

> $ gpg2 --card-status
> gpg: selecting openpgp failed: Unsupported certificate
> gpg: OpenPGP card not available: Unsupported certificate

This is a different thing.  It is a smartcard problem, not specific
to RSA-4096.

I think you are using GNOME keyring.  Old versions of GNOME keyring
had a feature to try to replace a part of functionality of gpg-agent,
it was a kind of emulation of gpg-agent.  And it doesn't support
any commands for smartcard, and it resulted in mysterious errors like

It had been difficult to configure GNOME keyring (to stop the feature
of gpg-agent) properly.  Here is some info:

In the days of GNOME 2.x, it was gconftool-2.  In the days of GNOME
3.0, it was gnome-session-properties.  For GNOME 3.1 or later, we
need to change the way gnome-keyring is invoked.

Fortunately, I've heard that gnome-keyring is fixed now.  I, for
myself, gave up on GNOME and am currently using XFCE4.  However, I
encountered another:
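
A check for the situation described in this message, added here as an example and not part of the original post: it tells whether the agent a GnuPG 2.0-style client would contact is GNOME keyring's emulation rather than a real gpg-agent. It assumes agent discovery through the `GPG_AGENT_INFO` variable (`socket:pid:protocol`) and that the emulation places its socket under a directory named `keyring` or `keyring-*`; the function name and the sample values in the comments are constructed.

```shell
#!/bin/sh
# classify_agent_info VALUE
#   VALUE is a GPG_AGENT_INFO string of the form "socket-path:pid:protocol".
#   Prints one of: unset, malformed, gnome-keyring, gpg-agent
# Constructed sample values:
#   /run/user/1000/keyring/gpg:0:1        (keyring emulation, assumed layout)
#   /home/user/.gnupg/S.gpg-agent:2345:1  (real gpg-agent)
classify_agent_info() {
    info=$1
    [ -n "$info" ] || { echo unset; return 0; }

    # Split from the right so a socket path that contains ':' survives.
    proto=${info##*:}
    rest=${info%:*}
    [ "$rest" != "$info" ] || { echo malformed; return 0; }
    pid=${rest##*:}
    sock=${rest%:*}
    [ "$sock" != "$rest" ] || { echo malformed; return 0; }

    # pid and protocol version must both be plain decimal numbers.
    case $pid in ''|*[!0-9]*) echo malformed; return 0 ;; esac
    case $proto in ''|*[!0-9]*) echo malformed; return 0 ;; esac

    # Assumption: the emulation's socket lives in a keyring directory.
    case $sock in
        */keyring/*|*/keyring-*/*) echo gnome-keyring ;;
        *) echo gpg-agent ;;
    esac
}

# Report on the current session.
echo "GPG_AGENT_INFO points at: $(classify_agent_info "${GPG_AGENT_INFO:-}")"
```

A result of `gnome-keyring` means smartcard commands such as `gpg2 --card-status` are being sent to an agent that does not implement them.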
