ich bekomme bei meinem Nitrokey Pro den Fehler “Key generation failed: Card error”, wenn ich mit “generate” in gpg die Schlüssel erzeugen will.
Ich habe gelesen, dass es für Nitrokey Storage ein Firmware Update gibt. Ist das auch für Nitrokey Pro geeignet?
Und wenn ja, wie lauten da die Update-Anweisungen?
Is the nitro keypro capable to generate 4096bit keys?
If i look in the spec sheet it says 1024 - 4096 so it should generate it !
I tried it under arch & debian(8.x) stable with gpg --card-edit
and with the option - 2048bit keys and it went through without errors.
So if im not wrong there is a problem with the driver(app) or the worst case scenario the HW is buggy
Would be massively appreciated if an expert at nitrokey can comment on this topic.
Wow, I have no idea how you would accomplish this on OpenSUSE. Such an operating system like OpenSUSE requires an immense level of IT knowledge and skill that I don’t have.
I can only help by asking you to install Windows 7 or Vista on another computer to do this operation.
Moved my keys from a working setup under fedora24 to the nitrokey pro.
I can decrypt mails read them through enigmail, can sign files no prob.
Bug when it comes to generate keys… Under Debian 9:
gpg/card> admin
Admin commands are allowed
gpg/card> generate
Make off-card backup of encryption key? (Y/n) y
gpg: Note: keys are already stored on the card!
Replace existing keys? (y/N) y
What keysize do you want for the Signature key? (4096)
What keysize do you want for the Encryption key? (4096)
What keysize do you want for the Authentication key? (4096)
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 3y
Key expires at Sun 07 Jun 2020 01:36:55 AM EDT
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Test
Email address:
Comment:
You selected this USER-ID:
"Test"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
gpg: key generation failed: Card error
Key generation failed: Card error
As far as I remember generating 4096 RSA keys works from GnuPG in version 2.1.21. It probably does not work on versions 2.1.11-20. Please try latest (or older, like 2.0.30 or 2.1.10) GnuPG version.
I am not aware of any workaround for not working GnuPG versions.
@nobanzai
Sorry for delay. What is your gpg version and what kind of key/length would you like to generate?
Due to bug in GnuPG RSA 4096 is not working on some GnuPG versions (namely 2.1.11-20), but should work on other ones (including stable 2.0.30).