On 01/26/2016 08:18 AM, Jorgen Ottosson wrote:
> Can't really confirm that here, generating seem not to work either.
>
> gpg --card-status

Please note that GnuPG 1.4 supports up to 3072-bit.  This is because of
an internal library limitation.  I believe that "gpg" in Ubuntu is GnuPG
1.4.  It is "gpg2" when we want to use GnuPG 2.0.

> gpg/card> generate
> Make off-card backup of encryption key? (Y/n) n

Besides, generating a key with off-card backup is actually done in two
steps:

  * generating a key on host PC
  * importing that key to card

If your choice is "Yes" for the question above, the key for encryption
is not generated on card, but generated on host PC.

> I have several readers but am testing here with SCR335.
>
> Any way to pin-point my issue in more detail? Is my reader known to not
> support 4096? Info on readers who will? I also have a scr3500 somewhere
> but think I'll have to install drivers for that one to work, the SCR335
> work with internal gpg drivers if I'm not mistaken whereas the 3500 don't
> work when attached as is.

Unfortunately, I don't have specific information (if card reader works
with RSA-4096 or not), either.

I maintain this list for the internal driver.

    https://wiki.debian.org/GnuPG/CCID_Driver

According to this list, SCR3500 works well with the internal driver of
GnuPG.

In general, the list by PCSC-lite helps.

    https://pcsclite.alioth.debian.org/ccid/supported.html

Looking at the device info, both SCR335 and SCR3500 work with TPDU
level exchange.  Thus, I believe that both work well for RSA-4096
keys.

> I also find it somewhat hard to get info on support for "Extended length"
> in several card reader's product-info pdfs I've looked at.

I think that it's "Extended APDU level exchange"?  There are two level
exchanges; one is TPDU level exchange (lower layer) and the other is APDU
level exchange.

For longer APDU with original OpenPGPcard (i.e., in the communication of
RSA-4096), the reader should support:

    TPDU level exchange

  or

    Extended APDU level exchange with enough dwMaxCCIDMessageLength

If the reader only supports short APDU level exchange, original
OpenPGPcard doesn't work well for longer APDU.
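
The reader rule above, written as a check over a reader's CCID class descriptor (an added example, not part of the original message and not GnuPG code). Field offsets follow the USB CCID specification; the descriptors are constructed samples, and the 522-byte APDU length is an assumed size for an RSA-4096 decipher command.

```python
import struct

# CCID class descriptor layout per the USB CCID specification (54 bytes, type 0x21).
DESC_LEN, DESC_TYPE = 0x36, 0x21
TPDU, SHORT_APDU, EXT_APDU = 0x00010000, 0x00020000, 0x00040000  # dwFeatures bits
CCID_HEADER_LEN = 10  # each CCID bulk message carries a 10-byte header
# Assumption: extended PSO:DECIPHER APDU for RSA-4096,
# 4 (header) + 3 (Lc) + 1 + 512 (padding byte + cryptogram) + 2 (Le).
RSA4096_APDU_LEN = 522


def parse_ccid_descriptor(desc):
    """Return (exchange level name, dwMaxCCIDMessageLength)."""
    if len(desc) < DESC_LEN or desc[0] != DESC_LEN or desc[1] != DESC_TYPE:
        raise ValueError("not a CCID class descriptor")
    features, max_msg = struct.unpack_from("<II", desc, 40)
    names = {TPDU: "TPDU", SHORT_APDU: "short APDU",
             EXT_APDU: "extended APDU", 0: "character"}
    level = names.get(features & 0x00070000)
    if level is None:
        raise ValueError("ambiguous exchange level bits")
    return level, max_msg


def handles_long_apdu(desc, apdu_len=RSA4096_APDU_LEN):
    """Apply the rule from the message to one reader descriptor."""
    level, max_msg = parse_ccid_descriptor(desc)
    if level == "TPDU":
        return True
    if level == "extended APDU":
        return max_msg >= CCID_HEADER_LEN + apdu_len
    # Short APDU only. Character level is not covered by the message and is
    # reported as unsupported here (assumption).
    return False


def make_descriptor(features, max_msg):
    """Constructed sample descriptor: only the two fields read above are set."""
    d = bytearray(DESC_LEN)
    d[0], d[1] = DESC_LEN, DESC_TYPE
    struct.pack_into("<II", d, 40, features, max_msg)
    return bytes(d)


if __name__ == "__main__":
    for feats, size in [(0x000100BA, 271), (0x000400BA, 271),
                        (0x000400BA, 2048), (0x000200BA, 271)]:
        d = make_descriptor(feats, size)
        print(parse_ccid_descriptor(d), handles_long_apdu(d))
```

On a real system the raw descriptor bytes would come from the reader's USB configuration descriptor; pass a different apdu_len to test against another command size.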