Following the instructions here, I’m trying to copy my existing GnuPG key to my Nitrokey Pro:
wiki.fsfe.org/Card_howtos/Card_ … ng_backups
When I go to copy my encryption key, GnuPG tells me that only 1024-bit RSA keys are supported:
$ gpg2 --edit-key 0x5EDACFC82A710D95
gpg (GnuPG) 2.0.28; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
gpg: Oops: keyid_from_fingerprint: no pubkey
pub 4096R/0x5EDACFC82A710D95 created: 2009-05-18 expires: never usage: SCE
trust: ultimate validity: ultimate
sub 4096g/0x0A512EA191683EB1 created: 2009-05-18 expires: never usage: E
sub 4096R/0x3685742996D9D533 created: 2014-12-01 expires: never usage: S
[ultimate] (1). Dave Pifke <dave@pifke.org>
[ultimate] (2) [jpeg image of size 5916]
gpg> toggle
sec 4096R/0x5EDACFC82A710D95 created: 2009-05-18 expires: never
ssb 4096g/0x0A512EA191683EB1 created: 2009-05-18 expires: never
ssb 4096R/0x3685742996D9D533 created: 2014-12-01 expires: never
(1) Dave Pifke <dave@pifke.org>
(2) [jpeg image of size 5916]
gpg> key 1
sec 4096R/0x5EDACFC82A710D95 created: 2009-05-18 expires: never
ssb* 4096g/0x0A512EA191683EB1 created: 2009-05-18 expires: never
ssb 4096R/0x3685742996D9D533 created: 2014-12-01 expires: never
(1) Dave Pifke <dave@pifke.org>
(2) [jpeg image of size 5916]
gpg> keytocard
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
You may only store a 1024 bit RSA key on the card
This was supposedly a problem with GnuPG prior to 2.0.12:
gossamer-threads.com/lists/gnupg/users/49815
…but I’m running 2.0.28 as shown above.
Has anyone successfully copied an existing 4096-bit GnuPG key to a Nitrokey Pro?