Newer gnupg doesn't ask for key size on generate?

R. Steve McKown smckown at
Thu Nov 29 02:06:14 CET 2018

Hi all,

We use Yubikey 4's as GnuPG smart cards.  When setting up a new card, we
use 'gpg --card-edit's 'generate' command to generate keys on the card
itself.  If it matters, we do not ask for off-card backups of the keys.

Today we set up a new Yubikey from a Windows 7 system running GnuPG
2.2.10.  Its generate command did not ask us for key size, and the
result was rsa2048 keys generated on the Yubikey.

We have always generated rsa4096 keys on Yubikeys in the past.  I was
able to take the same Yubikey to a Linux computer with GnuPG 2.1.11
installed; its generate command did ask for key size, and I was
successfully able to generate rsa4096 keys on the Yubikey.

I see that the admin docs do not show the generate command asking key

I'm presuming that there is some other process or command option that we
must use on newer GnuPG to request larger keys to be generated on our
Yubikeys.  Can someone point me in the right direction for this information?

R. Steve McKown
Titanium Mirror, Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 539 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list