Again: Writing DER certificates to ZeitControl Cards

NIIBE Yutaka gniibe at
Mon Apr 2 02:10:39 CEST 2018

Dirk Gottschalk via Gnupg-users <gnupg-users at> wrote:
> I asked this Question a while ago, but unfortunately didn't get any
> response. So, I ask again and I'm in hope that somebody here knows any
> Answer to this. I just want to know if the cards do not support it, or
> is somebething wrong with my setup?

Most likely, the length of certificate matters.  If you can minimize
your certificate, please try.  I don't know the limitation for the card.
In case of my own implementation, I can only support data less than

> Are these cards not capable of getting certs written on, or am I
> missing something?

FWIW, let me explain my opinion.  This might be irrelevant to the
implementation on ZeitControl Card, though.

The feature is one of the most difficult parts for an implementer of
OpenPGP card.  For my own implementation, I cannot implement it fully,
because of the possibility of larger size.  So, users of Gnuk Token have
to use special tool to write certificate, while reading is OK.

Since the feature is questionable for me (no real good use case), I even
put a compile time option for Gnuk to disable it, and that's the
default now.

More information about the Gnupg-users mailing list