Separate OpenPGP cards for master key and sub-keys

Mustrum mustrum at mustrum.net
Tue Jun 4 08:31:29 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Pete Stephenson <pete at heypete.com> a écrit :

>On Mon, Jun 3, 2013 at 11:10 AM, Mustrum <Mustrum at mustrum.net> wrote:
>> I already moved my subkeys to one cryptostick.
>> When i tried to move the primary key (4096 RSA) to another stick i
>got:
>>
>>>gpg> keytocard
>>>Really move the primary key? (y/N) y
>>>Signature key ....: [none]
>>>Encryption key....: [none]
>>>Authentication key: [none]
>>
>>>Please select where to store the key:
>>>Your selection?
>>
>> Note that there is NO valid choice.
>>
>> Any ideas ?
>>
>> I'm using gpg 2.0.20
>
>What version of the Crypto Stick are you using? I've successfully
>moved 4096-bit RSA primary keys to the OpenPGP smartcard and 2048-bit
>RSA subkeys to a Crypto Stick v1.2, but I would expect the Crypto
>Stick would also support 4096-bit keys. I don't know if early versions
>wouldn't support keys of that length.

I'm using the v1.2.
It's supposed to be fine with 4096 rsa key if used with GnuPG 2.0.20.

May be the capacity flags of my primary key is the probleme.
As i'm using subkeys to sign &  encrypt, i created the primary with only the "certify" capability and the stick only got 3 slots:
Signing
Enccrypt
Authentification.

Nothing to receive a certification only key ?
-----BEGIN PGP SIGNATURE-----
Version: APG v1.0.8

iQI7BAEBCAAlBQJRrYnBHhxNdXN0cnVtIDxNdXN0cnVtQE11c3RydW0ubmV0PgAK
CRBMuv2GX9WDnvJ/EACANz5ROnge/bJshG/doKcZvw3KNomeZ2PWQn4Gu1QA9vTf
xQ2BCuHmHogoOD0sp49tcFa/8WM05PxoafNTmuUNZjgi9lR5nMvv69VmHNMe2jrD
Z9Oox/MsWttEVXYKpV3ydFjOG30Fy6ht6MUY+RzsOjx4B7LrdU4uH837PDvOc/Zq
OuWGsBIhA0nfvY4sEUSq3uK0GYB2iXdyY5oYuBH+zWt1ome/vo/rZWe9RHyzw7yv
S3PPnjLZSxmVNTFV4ADZeUue/0d9fa3vv43H/YBoLOCDS0AlMSCGW15IBiAgMsKD
Q3KXpw0W2cX1gpnYpEhvGAT8H4BFG3O5EmZDpkqPW0dm6Cn8djAGuh5+waBhfycS
IxZwvhOlFyhdSE2ksuNG8CkWevVpkuythuiEwjTDcphf0EzBaHxN3Pn74UaecL6O
VhSC/goKf5WzLJcPfAHfKZ/vC6N0z+PWfW4meYf7Tz7CpRSpDLI+VmmYOurpXpxO
jk2iIpcmjwfi8SFSKnV6wVf+usIH9y7gZyoAb3If5Gbwv/AzohTlUQoyxWzMSJXb
0gwqOQRwozbiHeyCqTJZyo6g7te4vIrLWlW1adEhRDsuOLVVhvA0/RNh4tSmTCpU
QTPyzncbwgwv0zX1X+foePgw2ganQ7gOY5KtlAJZUBAP5CnSgVNpo49bbVZ8lw==
=K1FW
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list