NK3 needs to be told in advance what kind of key type will be installed in one of the 3 slots provided by the OpenPGP card standard.
I like to use openpgp-tool from OpenSC to check, for example on my card I have the following now:
> /usr/local/bin/openpgp-tool -K
Using reader with a card: Nitrokey Nitrokey 3 [CCID/ICCD Interface] 00 00
Aut Algorithm: EDDSA
Aut Create Date: 2023-12-22 19:13:34
Aut Fingerprint: 2d:95:41:9c:2c:47:7a:bc:a1:e7:dc:d9:c1:4a:88:c5:c3:07:dd:91
Dec Algorithm: ECDH
Dec Create Date: 2023-12-22 19:13:34
Dec Fingerprint: cb:3d:95:9e:63:62:15:2a:da:d3:9f:c3:56:6d:12:69:b6:52:8e:d3
Sig Algorithm: EDDSA
Sig Create Date: 2023-12-22 19:13:34
Sig Fingerprint: f2:ee:32:6f:54:2b:78:44:22:b4:fd:10:33:fb:9d:a8:17:64:f4:7a
I guess after the hardware reset it is undefined so you can upload what you want.
You can change the key type with the -t option of the openpgp-tool.
In general, using pkcs11-tool to manage keys on the OpenPGP card can be confusing in my opinion. I prefer openpgp-tool (best to view, can generate only RSA keys) or one of the options to manage cards with gpg2 or gpg-card.
Thanks. I don’t know what “the same breakdown” could be (please show the commands and the output), but please be aware that you should explicitly change the key type in the slot (Aut, Dec, Sig) and then try to generate something that matches that key type and length.
