Problems with 4096 keys on 2.1 card
NIIBE Yutaka
gniibe at fsij.org
Wed Jan 27 00:52:32 CET 2016
On 01/27/2016 07:59 AM, Jorgen Ottosson wrote:
> $ gpg --card-status
>
> -> works
Yes. GnuPG 1.4 works here, but it doesn't work for RSA-4096 keys.
I guess that you don't configure GnuPG 1.4 to use gpg-agent.
In that setting, gpg tries to connect your reader directly.
> $ gpg2 --card-status
> gpg: selecting openpgp failed: Unsupported certificate
> gpg: OpenPGP card not available: Unsupported certificate
This is different thing. It is the problem of smartcard, not specific
to RSA-4096.
I think you are using GNOME keyring. Old versions of GNOME keyring
had a feature to try to replace a part of functionality of gpg-agent,
it was a kind of emulation of gpg-agent. And it doesn't support
any commands for smartcard, and it resulted mysterious errors like
above.
It had been difficult to configure GNOME keyring (to stop the feature
of gpg-agent) properly. Here is some info:
http://www.gniibe.org/memo/notebook/gnome3-gpg-settings.html
In the days of GNOME 2.x, it was gconftool-2. In the days of GNOME
3.0, it was gnome-session-properties. For GNOME 3.1 or later, we
need to change the way how to invoke gnome-keyring.
Fortunately, I've heard that gnome-keyring is fixed now. I, for
myself, gave up with GNOME and currently using XFCE4. However, I
encountered another:
https://bugs.debian.org/791378
--
More information about the Gnupg-users
mailing list