Generating RSA-4096 on Nitrokey Pro
Szczepan Zalega | Nitrokey
szczepan at nitrokey.com
Mon Mar 20 11:45:19 CET 2017
On 03/20/2017 10:39 AM, Szczepan Zalega | Nitrokey wrote:
> As far as I remember it worked on Ubuntu 16.04 with GPG 2.0.x. I use now
> Ubuntu 16.10 with GPG 2.1.15. Logs attached.
I have just checked it on Ubuntu 16.04.2-server. It has a GPG with
version 2.1.11 (not 2.0.x, my mistake) and scdaemon in same version. The
keys have been generated successfully although it took about 15 minutes
to complete.
[1] http://paste.ubuntu.com/24214504/ - run log on GPG 2.1.11 / Ubuntu
16.04-2-server - another attempt
--
Best regards,
Szczepan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: u16.04.2-server-nkpro0.7-rsa4096-run.log_2.scdaemon.gz
Type: application/gzip
Size: 45953 bytes
Desc: not available
URL: </pipermail/attachments/20170320/371bbf56/attachment-0001.gz>
-------------- next part --------------
sz at ubuntu:~/.gnupg⟫ gpg2 --card-status
Reader ...........: 20A0:4108:0000319E0000000000000000:0
Application ID ...: D27600012401020100050000319E0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 0000319E
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 4
Signature key ....: 8001 0607 0C35 871D 8059 4BEF F83E 08C1 88EE F49F
created ....: 2017-03-20 09:56:45
Encryption key....: B120 6769 0ABD 2532 B05A 691B 485B 53AD 1FB6 C046
created ....: 2017-03-20 09:56:45
Authentication key: 0A6C 7707 9326 2A25 2570 EAA6 9249 30CF C3D6 2787
created ....: 2017-03-20 09:56:45
General key info..: pub rsa4096/88EEF49F 2017-03-20 nkpro at 4096 (nkpro at 4096) <nkpro at 4096>
sec> rsa4096/88EEF49F created: 2017-03-20 expires: 2017-03-21
card-no: 0005 0000319E
ssb> rsa4096/C3D62787 created: 2017-03-20 expires: 2017-03-21
card-no: 0005 0000319E
ssb> rsa4096/1FB6C046 created: 2017-03-20 expires: 2017-03-21
card-no: 0005 0000319E
sz at ubuntu:~/.gnupg⟫ tail scdaemon.log
2017-03-20 11:16:50 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:50 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
2017-03-20 11:16:51 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:51 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
2017-03-20 11:16:51 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:51 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
2017-03-20 11:16:52 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:52 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
2017-03-20 11:16:52 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:52 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
sz at ubuntu:~/.gnupg⟫ gpg2 --card-edit
Reader ...........: 20A0:4108:0000319E0000000000000000:0
Application ID ...: D27600012401020100050000319E0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 0000319E
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 4
Signature key ....: 8001 0607 0C35 871D 8059 4BEF F83E 08C1 88EE F49F
created ....: 2017-03-20 09:56:45
Encryption key....: B120 6769 0ABD 2532 B05A 691B 485B 53AD 1FB6 C046
created ....: 2017-03-20 09:56:45
Authentication key: 0A6C 7707 9326 2A25 2570 EAA6 9249 30CF C3D6 2787
created ....: 2017-03-20 09:56:45
General key info..: pub rsa4096/88EEF49F 2017-03-20 nkpro at 4096 (nkpro at 4096) <nkpro at 4096>
sec> rsa4096/88EEF49F created: 2017-03-20 expires: 2017-03-21
card-no: 0005 0000319E
ssb> rsa4096/C3D62787 created: 2017-03-20 expires: 2017-03-21
card-no: 0005 0000319E
ssb> rsa4096/1FB6C046 created: 2017-03-20 expires: 2017-03-21
card-no: 0005 0000319E
gpg/card> admin
Admin commands are allowed
gpg/card> generate
Make off-card backup of encryption key? (Y/n) n
gpg: Note: keys are already stored on the card!
Replace existing keys? (y/N) y
Please note that the factory settings of the PINs are
PIN = '123456' Admin PIN = '12345678'
You should change them using the command --change-pin
What keysize do you want for the Signature key? (4096)
What keysize do you want for the Encryption key? (4096)
What keysize do you want for the Authentication key? (4096)
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 1
Key expires at Tue 21 Mar 2017 11:17:12 AM CET
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: nkpro4096-2 at 16.04.2-server
Email address: nkpro4096-2 at 16.04.2-server
Comment: nkpro4096-2 at 16.04.2-server
You selected this USER-ID:
"nkpro4096-2 at 16.04.2-server (nkpro4096-2 at 16.04.2-server) <nkpro4096-2 at 16.04.2-server>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg: key 47AAA5F9 marked as ultimately trusted
gpg: revocation certificate stored as '/home/sz/.gnupg/openpgp-revocs.d/C2B5317381CEC39AFE3C9C0B7C92
2A3E47AAA5F9.rev'
public and secret key created and signed.
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: PGP
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2017-03-21
gpg/card> pub rsa4096/47AAA5F9 2017-03-20 [S] [expires: 2017-03-21]
Key fingerprint = C2B5 3173 81CE C39A FE3C 9C0B 7C92 2A3E 47AA A5F9
uid [ultimate] nkpro4096-2 at 16.04.2-server (nkpro4096-2 at 16.04.2-server) <nkpro4096-2 at 16.04.2-
server>
sub rsa4096/5F6FCE2B 2017-03-20 [] [expires: 2017-03-21]
sub rsa4096/2FF57263 2017-03-20 [] [expires: 2017-03-21]
sz at ubuntu:~/.gnupg⟫ gpg2 --card-status
Reader ...........: 20A0:4108:0000319E0000000000000000:0
Application ID ...: D27600012401020100050000319E0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 0000319E
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 4
Signature key ....: C2B5 3173 81CE C39A FE3C 9C0B 7C92 2A3E 47AA A5F9
created ....: 2017-03-20 10:17:37
Encryption key....: C2BF AD4B 5A95 1D5A D19D D7F2 D1B4 4EB9 2FF5 7263
created ....: 2017-03-20 10:17:37
Authentication key: A736 1236 4272 9B6E 459A 60A8 BFA5 3830 5F6F CE2B
created ....: 2017-03-20 10:17:37
General key info..: pub rsa4096/47AAA5F9 2017-03-20 nkpro4096-2 at 16.04.2-server (nkpro4096-2 at 16.04.2
-server) <nkpro4096-2 at 16.04.2-server>
sec> rsa4096/47AAA5F9 created: 2017-03-20 expires: 2017-03-21
card-no: 0005 0000319E
ssb> rsa4096/5F6FCE2B created: 2017-03-20 expires: 2017-03-21
card-no: 0005 0000319E
ssb> rsa4096/2FF57263 created: 2017-03-20 expires: 2017-03-21
card-no: 0005 0000319E
sz at ubuntu:~/.gnupg⟫ ls
dirmngr.conf openpgp-revocs.d pubring.kbx reader_0.status scdaemon.log S.scdaemon
gpg.conf private-keys-v1.d pubring.kbx~ scdaemon.conf S.gpg-agent trustdb.gpg
sz at ubuntu:~/.gnupg⟫ pkill scdaemon
sz at ubuntu:~/.gnupg⟫ less scdaemon.
scdaemon.: No such file or directory
1 sz at ubuntu:~/.gnupg⟫ less scdaemon.log
sz at ubuntu:~/.gnupg⟫ less scdaemon.log
sz at ubuntu:~/.gnupg⟫
More information about the Gnupg-users
mailing list