On 25 Jan 2016 at 21:07, NIIBE Yutaka wrote: > However, please note that many card readers have problems with larger > APDU. Generating keys on card should be ok, but importing keys would > be failed with bad reader. Signing should be ok, but decryption would > be failed with bad reader. That's because of length of APDU. > --
Can't really confirm that here, generating seem not to work either. gpg --card-status .. Version ..........: 2.1 Manufacturer .....: ZeitControl .. Name of cardholder: [not set] Language prefs ...: de Sex ..............: unspecified URL of public key : [not set] Login data .......: [not set] Private DO 1 .....: [not set] Private DO 2 .....: [not set] Signature PIN ....: not forced Key attributes ...: 2048R 2048R 2048R Max. PIN lengths .: 32 32 32 PIN retry counter : 3 0 3 Signature counter : 0 Signature key ....: [none] Encryption key....: [none] Authentication key: [none] General key info..: [none] gpg --card-edit gpg/card> admin gpg/card> generate Make off-card backup of encryption key? (Y/n) n .. Please enter the PIN What keysize do you want for the Signature key? (2048) 4096 RSA keysizes must be in the range 1024-3072 What keysize do you want for the Signature key? (2048) gpg: Interrupt caught ... exiting SO: it seems the card will not generate larger keys then. I have several readers but am testing here with SCR335. Any way to pin-point my issue in more detail? Is my reader known to not support 4096? Info on readers who will? I also have a scr3500 somewhere but think I'll have to install drivers for that one to work, the SCR335 work with internal gpg drivers if I'm not mistaken whereas the 3500 don't work when attached as is. I also find it somewhat hard to get info on support for "Extended length" in several card reader's product-info pdfs I've looked at. TIA, _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
