Non-deterministic behavior using GnuPG and a smart-card

Peter Lebbing peter at digitalbrains.com
Thu Feb 9 11:08:12 CET 2017


Hello,

BTW, welcome to the list, Basil! I think it's interesting you encrypt
each and every mail you receive. That exercises all components a lot, it
might lead to some useful insights on how things might be improved. In
fact, we just encountered such an insight I think!

On 09/02/17 07:02, NIIBE Yutaka wrote:
> This should be fixed.

As a short term solution, you could revoke the encryption subkey and
create a new one with a common keylength; your current subkey is 3104
bits long for some reason, but the common keylength closest would be
3072 bits.

*However*, since you still want to decrypt mail already encrypted to the
revoked key, you would have to store an on-disk regular copy of that
subkey on your PC. If I understand correctly, you already use a regular
on-disk key on your smartphone, so this might not be a problem to you.

Changing subkey stuff has no effect on certifications; if people signed
your key, that signature will still be valid since it is on the primary
key (and an UID), subkeys are not involved in the process.

I'm curious how you ended up with 3104-bit RSA keys on your smartcard
in the first place, by the way!

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
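
The following is an added example, not part of the original message or of GnuPG: a small audit of `gpg --list-keys --with-colons` output that flags active RSA keys and subkeys with an uncommon length, such as the 3104-bit encryption subkey discussed above, and names the closest common length. The set of "common" lengths, the function name and both sample listings are assumptions constructed for illustration.

```python
# Added example (not from the original post): flag active RSA (sub)keys whose
# length is uncommon, based on GnuPG's colon-delimited listing format.
COMMON_RSA_BITS = {2048, 3072, 4096}  # assumption: what counts as "common"
RSA_ALGOS = {"1", "2", "3"}           # OpenPGP public-key algorithm IDs for RSA

# Constructed listings (key IDs are placeholders, not real keys).
# BEFORE: an active 3104-bit encryption subkey.
BEFORE = """\
pub:u:2048:1:1111111111111111:1480000000:::u:::scESC:
uid:u::::1480000000::::Example User <user@example.org>:
sub:u:3104:1:2222222222222222:1480000000::::::e:
"""
# AFTER: the 3104-bit subkey is revoked and a 3072-bit one was added.
AFTER = """\
pub:u:2048:1:1111111111111111:1480000000:::u:::scESC:
uid:u::::1480000000::::Example User <user@example.org>:
sub:r:3104:1:2222222222222222:1480000000::::::e:
sub:u:3072:1:3333333333333333:1486600000::::::e:
"""

def audit_rsa_lengths(listing):
    """Return (record, keyid, bits, nearest_common_bits, capabilities)
    for every non-revoked, non-expired RSA key with an uncommon length."""
    findings = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue  # only primary-key and subkey records carry a length
        validity, bits, algo, keyid, caps = f[1], f[2], f[3], f[4], f[11]
        if algo not in RSA_ALGOS or not bits.isdigit():
            continue
        if validity in ("r", "e"):
            continue  # revoked or expired: kept for old mail, not a finding
        n = int(bits)
        if n not in COMMON_RSA_BITS:
            nearest = min(COMMON_RSA_BITS, key=lambda b: abs(b - n))
            findings.append((f[0], keyid, n, nearest, caps))
    return findings

if __name__ == "__main__":
    for name, listing in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_rsa_lengths(listing))
```

In real use the listing would come from running `gpg --list-keys --with-colons` on the machine being checked instead of the constructed strings.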
