Nitrokey pro RSA 4096

I bought the stick because I wanted to use it with a 4096-bit key, but that seems to be a challenge:

I read here in the forum that one should generate a 4096-bit key first, but that is hardly possible.

With "gpg" the limit is 3072,
and "gpg2" terminates with an error and does not generate a key. On top of that the red light does not turn off and I have to kill gpg2 and unplug the stick. So what's the matter? Is it just mine, or has anybody else experienced this and found a solution?

[code]gpg --card-edit

Application ID ...: D276000124010201000500002FCC0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 00002FCC
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) Y

Please note that the factory settings of the PINs are
   PIN = `123456'     Admin PIN = `12345678'
You should change them using the command --change-pin

What keysize do you want for the Signature key? (2048) 4096
RSA keysizes must be in the range 1024-3072
What keysize do you want for the Signature key? (2048)
[/code]

And with gpg2:

gpg2 --card-edit

Application ID ...: D276000124010201000500002FCC0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 00002FCC
Name of cardholder: [not set]
Language prefs ...: de
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) Y

Please note that the factory settings of the PINs are
   PIN = `123456'     Admin PIN = `12345678'
You should change them using the command --change-pin

What keysize do you want for the Signature key? (2048) 4096
The card will now be re-configured to generate a key of 4096 bits
NOTE: There is no guarantee that the card supports the requested size.
      If the key generation does not succeed, please check the
      documentation of your card to see what sizes are allowed.
What keysize do you want for the Encryption key? (2048) 4096
The card will now be re-configured to generate a key of 4096 bits
What keysize do you want for the Authentication key? (2048) 4096
The card will now be re-configured to generate a key of 4096 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: xxxxx
Email address: 
Comment: 
You selected this USER-ID:
    "xxxxx"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
gpg: key generation failed: Card error
Key generation failed: Card error

gpg/card> 

Application ID ...: D276000124010201000500002FCC0000
Version ..........: 2.1
Manufacturer .....: ZeitControl
Serial number ....: 00002FCC
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 4096R 4096R 4096R
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> 


Edit:
So finally I was able to move 4096-bit encryption and signature keys to the stick, but not the auth key.

Which operating system and which GnuPG version are you using? Which steps did you execute to move the encryption and signature keys?

I am using Ubuntu 14.04 with

gpg version:
gnupg 1.4.16-1ubuntu2.3

and gpg2 version:
gnupg2 2.0.22-3ubuntu1.3

I am moving the subkeys to the card with the "keytocard" command:

gpg --edit-key XYZ12345

and then within the gpg command line:

toggle
key 1
keytocard
quit

That way it works without errors.
I was also able to generate and move an auth key to the stick.

So the only thing that remains is the initial error: it is not possible to generate a 4096-bit key pair on the card itself.

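The script below is an added example, not code from this thread or from Nitrokey. It does two things the thread circles around: it reads a `gpg --card-status` transcript (the sample is constructed from the status block the first post shows after the failed on-card 4096-bit generate, where the PIN fields dropped to 0 0 0) and reports the configured key sizes and whether the card looks wedged, and it wraps the keytocard sequence from the last post (toggle, key N, keytocard, quit) in a non-interactive call via gpg's --command-fd. The key ID, subkey index and card slot passed to move_subkey_to_card are placeholders, and the answer to the Save prompt is an assumption explained in the comment.

```shell
#!/bin/sh
# Added example, not code from the thread or from Nitrokey. Checks a
# `gpg --card-status` transcript for the state the thread shows, and wraps
# the thread's keytocard steps in a scriptable call. The key ID, subkey index
# and card slot given to move_subkey_to_card are placeholders (assumptions).

# Constructed sample: the card status quoted in the first post after the
# failed on-card 4096-bit generate (key attributes rewritten, PIN fields 0 0 0).
SAMPLE_STATUS='Key attributes ...: 4096R 4096R 4096R
Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]'

# card_key_sizes STATUS: print the three configured RSA sizes, e.g. "4096 4096 4096"
card_key_sizes() {
    printf '%s\n' "$1" | sed -n 's/^Key attributes[^:]*: //p' | tr -d 'R'
}

# card_all_4096 STATUS: succeed if the sign, encrypt and auth slots are all 4096R
card_all_4096() {
    [ "$(card_key_sizes "$1")" = "4096 4096 4096" ]
}

# card_pins_zeroed STATUS: succeed if the PIN retry counters read 0 0 0.
# In the thread that state appeared after the failed generate, together with
# the LED staying on; the remedy there was to kill gpg2 and re-plug the stick.
card_pins_zeroed() {
    printf '%s\n' "$1" | grep -q '^PIN retry counter *: 0 0 0$'
}

# card_empty STATUS: succeed if none of the three key slots holds a key
card_empty() {
    [ "$(printf '%s\n' "$1" \
        | grep -Ec '^(Signature|Encryption|Authentication) key[ .]*: \[none\]$')" -eq 3 ]
}

# move_subkey_to_card KEYID INDEX SLOT: the thread's interactive sequence
# (toggle, key N, keytocard, pick slot 1/2/3, quit) fed through --command-fd.
# GnuPG 1.4/2.0 ask for the key passphrase and the card's Admin PIN during
# keytocard (with gpg2 via pinentry). Answering "n" to "Save changes?" is an
# assumption: with GnuPG 1.4/2.0 the subkey is already written to the card and
# the on-disk copy is kept; answer "y" to replace it with the card stub instead.
move_subkey_to_card() {
    printf 'toggle\nkey %s\nkeytocard\n%s\nquit\nn\n' "$2" "$3" \
        | gpg --command-fd 0 --status-fd 2 --edit-key "$1"
}

# Run the checks on the constructed sample.
printf 'configured sizes: %s\n' "$(card_key_sizes "$SAMPLE_STATUS")"
card_all_4096 "$SAMPLE_STATUS" && echo "all three slots are set to 4096R"
card_empty "$SAMPLE_STATUS" && echo "no keys on the card yet"
card_pins_zeroed "$SAMPLE_STATUS" && echo "PIN fields read 0 0 0: kill gpg2 and re-plug the stick"
```

To use it against a real card, set `STATUS=$(gpg --card-status)` and call the check functions on that instead of the sample. Run move_subkey_to_card only after the 4096-bit subkeys exist in the host keyring, for example `move_subkey_to_card XYZ12345 1 1` for subkey 1 into the signature slot, then `2 2` and `3 3` for the encryption and authentication subkeys; afterwards `gpg --card-status` should show 4096R in the key attributes and the slot fingerprints instead of [none].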