Again: Writing DER certificates to ZeitControl Cards
Damien Goutte-Gattat
dgouttegattat at incenp.org
Mon Apr 2 14:43:52 CEST 2018
On 04/02/2018 01:10 AM, NIIBE Yutaka wrote:
> Most likely, the length of certificate matters. If you can minimize
> your certificate, please try. I don't know the limitation for the card.
I don't know for the v3.3 card, but v2.1 cards allow for a 2048 bytes
certificate (at least mine does, but maybe this has changed between
different production runs?).
One way of finding the max allowed size is the following command (here
tested with a Yubikey NEO):
$ gpg-connect-agent 'SCD LEARN --force' /bye | grep '^S EXTCAP'
S EXTCAP gc=1+ki=1+fc=1+pd=0+mcl3=1216+aac=0+sm=2+si=0+dec=0+bt=0
The value you are interested in is "mcl3". In this example, it says that
the Yubikey NEO allows for a 1216-bytes certificate.
Damien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180402/3f7e28fc/attachment.sig>
More information about the Gnupg-users
mailing list