My issue seems to be similar to Can't import NISTP521 encryption key into Nitrokey Pro 2.
I’m able to generate NIST P-521 keys, but if I try to import them onto my hardware token I get the same error as in the other question:
gpg> key 2 sec nistp521/ED5CD5B6194F3522 created: 2020-11-01 expires: never usage: SC trust: ultimate validity: ultimate ssb nistp521/171F4A02E938DC69 created: 2020-11-01 expires: never usage: E ssb* nistp521/009A993E868D29E9 created: 2020-11-01 expires: never usage: S ssb nistp521/3C7C267634A07D1B created: 2020-11-01 expires: never usage: A [ultimate] (1). test user (testme) <email@example.com> gpg> keytocard Please select where to store the key: (1) Signature key (3) Authentication key Your selection? 1 gpg: KEYTOCARD failed: Invalid value
On this test I was able to import my authentication key, but not the encryption or signing keys. Attempting to import the primary key also fails with the same error.
I’ve been trying this several different ways, and most of the time I can’t import any of the keys. I’ve also tried configuring the card for nistp521 keys using the gpg-connect-agent commands Nitrokey’s announcement of ECC support, modified to specify nistp521t1. These configure each key slot correctly, but when I go to generate the keys, I get an error:
gpg: error checking the PIN: Invalid value. I’ve tested with gpg 2.2.23 and gpg4win and get the same error on both systems.
The datasheet says 521-bit ECC keys should be supported, but has anyone actually been able to use them?