Non-deterministic behavior using GnuPG and a smart-card

Dr. Basil Becker basil at
Thu Feb 9 11:39:34 CET 2017

Hi Peter et al. 

Am 9. Februar 2017 11:08:12 MEZ schrieb Peter Lebbing <peter at>:
> I think it's interesting you encrypt
>each and every mail you receive. That exercises all components a lot,
>might lead to some useful insights on how things might be improved. In
>fact, we just encountered such an insight I think!

To encrypt every mail I receive is an option, that my mail - provider offers. I uploaded my public key and each incoming mail becomes encrypted. In my opinion quite a good trade off, given the general usage of mail encryption outside of this list. 
>On 09/02/17 07:02, NIIBE Yutaka wrote:
>> This should be fixed.
Is there anything else I could provide in order to help with the bug-fix?Logs,traces anything? Of course I can offer my environment to do some tests. 
Should I file a bug report for this issue? 

>As a short term solution, you could revoke the encryption subkey and
>create a new one with a common keylength;

Yes, this is an option. 

>If I understand correctly, you already use a regular
>on-disk key on your smartphone, so this might not be a problem to you.
Actually, I'm using my smart-card also on my phone through an USB OTG cable. Nevertheless, I have an backup of my encryption key, I could facilitate to overcome the current limitations. 

>Changing subkey stuff has no effect on certifications; if people signed
>your key, that signature will still be valid since it is on the primary
>key (and an UID), subkeys are not involved in the process.
Thanks for pointing out. I'll consider using a more standard encryption key. 

>I'm curious how you ended up with 3104-bits RSA keys on your smartcard
>in the first place, by the way!
I decided for this unusual key length more or less for the reason of obscurity. I had the unproven hope that using an unusual key length would make attacks harder. However, I did not expect it to complicate the general usage :) 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 691 bytes
Desc: not available
URL: </pipermail/attachments/20170209/f672d1ac/attachment.sig>

More information about the Gnupg-users mailing list