Hi @PhilC!
Thank you for using Nitrokey Start.
As far as I remember it is not possible to generate the RSA4096 key on the NK Start due to hardware limitations (both calculation time and memory), so one needs to generate it first, ideally (for production use) on the air-gapped diskless hardware, and then upload it to the device. It is possible to do so by e.g.:
- Booting PC up with Tails;
- Running GnuPG2, and generating the key locally;
- Running
gpg2 --card-edit, then executingkeytocardcommand;
Details for point 3 could be found here: https://www.nitrokey.com/documentation/openpgp-create-backup.
NK Start’s strength are rather ECC keys, with efficient implementation of popular curves.
Have a nice weekend!
Regards.