scute / firefox: cannot connect to GPG agent

Fabian Peter Hammerle fabian.hammerle at
Mon Jun 5 19:54:47 CEST 2017

> Did you import your new certificate onto the Yubikey? Because independently
> of what your gpgsm store may contain, Scute will always try to fetch the
> certificate from the token itself.

Ah, I didn't know I had to write the certificate onto the Yubikey.
I only imported it into gpgsm following this guide:

> Could you extract the certificate from the smartcard and have a look at it?
>   $ gpg --card-edit
>   gpg/card> readcert 3 > file.der
>   gpg/card> quit

$ od -x file.der
> 0000000 217f 0082 ffff ffff ffff ffff ffff ffff
> 0000020 ffff ffff ffff ffff ffff ffff ffff ffff
> *
> 0000400 ffff 00ff
> 0000403

I just tried to write the certificate onto the Yubiykey:

$ gpg --edit-card
Reader ...........: Yubico Yubikey 4 OTP U2F CCID 00 00
ssb>  rsa4096/3AA08B6113EC625C  created: 2016-12-25  expires: never
gpg/card> admin
Admin commands are allowed
gpg/card> writecert 3 <new-cert.der
gpg: error writing certificate to card: Provided object is too large

Do I have to choose a smaller key size?

Thanks a lot

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </pipermail/attachments/20170605/bbbf3fd4/attachment.sig>

More information about the Gnupg-users mailing list