Echoes - Echoes camshot
mercredi 31 octobre 2012 (1 post)
  • Update on OpenPGPv2 smartcards

After some feedback from other people, I have an important update to make on my last post. As I said, what decided me to eventually buy an OpenPGP smartcard was that it supported 4096 bit keys, so it would fit my 4096R/71EF0BA8 key.

In the end, it seems it's a little more complicated than that. 4096R keys are indeed supported, as far as signing and authentication are concerned. But encryption keys seem limited to 3072 bits (or maybe more, I didn't test toroughly). When trying to decrypt some stuff encrypted for a 4096R key on the smartcard, gpg fails with some “general error”. It has already been reported here, but no news since.

In my case, it's not that bad, I decided to go for 2048R for all subkeys. But if you desperately need 4096 bit encryption key, OpenPGPv2 smartcards might not be the right solution for you. I have no idea if the problem lies in GnuPG or in the smartcard, and I can't really find much information on this.

Yves-Alexis@20:45:55 (Debian)

  • 1508 posts
  • 5701 jours
  • 0.26 posts/jour
  • IRC