Yubico Forum ...visit our web-store at 2017-09-10T09:51:56+01:00 https://forum.yubico.com/feed.php?f=35&t=2690 2017-09-10T09:51:56+01:00 2017-09-10T09:51:56+01:00 https://forum.yubico.com/viewtopic.php?t=2690&p=9734#p9734 <![CDATA[Re: Cannot move 4096 bit GnuPG key to YubiKey 4]]> one difference is that i generated the key on my pc and moved to the card/yubikey instead of generating it diretly there (never tried).
from what i have understood the fact that it says 2048 is normal as it is a default value but it doesn't mean that you can't push a 4096 bit key.
i'm not gpg expert but another thing: have you issued toggle command before using key to card?
according to the gpg manual toggle switches between public and private key so i guess you are trying to push public key and thus the error "no private key usable"

this is what i followed to store the key on the yubikey:
https://developers.yubico.com/PGP/Importing_keys.html

i understand that you might prefer to generate it directly on the yubikey but in that way you have no way of making a backup, also an "evil pc" could try wrong pins and destroy your keys.

Statistics: Posted by nesos — Sun Sep 10, 2017 9:51 am

]]> 2017-08-21T18:04:42+01:00 2017-08-21T18:04:42+01:00 https://forum.yubico.com/viewtopic.php?t=2690&p=9712#p9712 <![CDATA[Cannot move 4096 bit GnuPG key to YubiKey 4]]> I have written 2 different 4096 bit GPG keys to them without problem.

Today I received another bundle I ordered (to have spare/replacements) but I cannot move my 4096 bit keys to them.

When I check with the YubiKey Personalization tool I see my "old" keys have firmware 4.3.4 and the "new" have firmware 4.3.5,
so I would guess this should be possible since the firmware is even newer.

When I run gpg2 --card-status I get the card information and the key attributes are set to 2048

I tried to generate a new keypair on the YubiKey and when I select 4096 and getting a warning that this might not work, the newly generated key seems to be a 4096 bit one.

when I check again the key attributes are now set to 4096 but I still cannot move a new key (keytocard) to the YubiKey.
The only key that I can move to the YubiKey is a 2048 one but I need my 4096 bit key not a 2048 bit one or a new one.

Here is the output from gpg when I do keytocard:

Quote:

gpg> keytocard
Really move the primary key? (y/N) y
Please select where to store the key:
(1) Signature key
(3) Authentication key
Your selection? 3

gpg: WARNING: such a key has already been stored on the card!

Replace existing key? (y/N) y
gpg: KEYTOCARD failed: Onbruikbare geheime sleutel

gpg>

The error in Dutch is : "Unusable secret key"

I've found a post here with a similar problem, but that person had an error after entering a PIN, this is before the PIN is asked.

Anyone have an Idea ?

Patrick

Statistics: Posted by patrickkox79 — Mon Aug 21, 2017 6:04 pm

]]>