On 11/10/15 02:53, NIIBE Yutaka wrote: > On 11/09/2015 11:50 PM, Christopher Beck wrote: >> I have got two sub-keys on the card, one for signing and one for >> decryption. Both keys are 4096 bit in size. The issues are only on the >> decrpting process: Signing works well, but when I try to decrypt >> something (an e-mail or an encrypted file) it just says, there is no >> secret key. I switched on debugging output and it tells me: >> >> "public key decryption failed: General error >> decryption failed: No secret key" >> >> I checked $ gpg -K and $gpg --card-status and so on, and it tells me >> exactly the same i can see on my other computers: there are two keys >> available on the smart-card. So I am wondering, what the problem is. The >> version of gpg is 2.0.14 on scientific linux 6. > I think that 2.0.14 doesn't work well for RSA-4096 decryption on card. > It was 2.0.20 (in 2013) which fixed this problem. (The error message > was not kind enough, it's not correctly describe the issue.) > > The problem was, in short, the size of data. Smartcard was designed > to handle "small" data, but RSA-4096 is a way big for old design > assumptions. In case of signing, because the signature is not that > big, it works well. It doesn't work for decryption, since the data > size is 4096-bit (= 512-byte). Traditionally, smartcard was designed > with the assumption of 256-byte is considered "big", and host software > for smartcard assumed data size is less than 256-byte. Hi,
thanks. Then I'll have to upgrade it. Best Regards Christopher -- I use GnuPG (GPG) for E-Mail encryption and signing. If you want some privacy, my public key ID is 2F9D4F14. The file "singature.asc" this message includes contains a cryptographic signature which enables you to verify this E-Mail really was written by me. Christopher Beck, DL1CHB Gerhart-Hauptmann-Str. 1 91058 Erlangen Tel.: 09131 / 9245437 Fax.: 09131 / 8148708 Jabber: bec...@jabber.org
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
