Re: [RESOLVED] Yubikey 4 GPG key size - can't use 4096-bit k

2016-02-09T09:47:39+01:00

Works fine with GPG ver. 2.1.11.

Statistics: Posted by 81971c34 — Tue Feb 09, 2016 9:47 am

[RESOLVED] Yubikey 4 GPG key size - can't use 4096-bit keys?

2016-02-06T18:21:18+01:00

Hey, so I just got my new Yubikey 4, and from what I've read it's supposed to support 4096-bit keys. However, gpg2 --card-status reports this:

Code:

Key attributes ...: rsa2048 rsa2048 rsa2048

It seems like this is just a default value, and the card can be reconfigured to use 4096-bit keys, but there doesn't seem to be an option to do so directly.

That said, attempting to generate a key on the card asks me for a key length, so I figured I might be able to do this to configure the card, then replace the generated keys with my own keys. But no luck:

Code:

What keysize do you want for the Signature key? (2048) 4096
The card will now be re-configured to generate a key of 4096 bits
Note: There is no guarantee that the card supports the requested size.
      If the key generation does not succeed, please check the
      documentation of your card to see what sizes are allowed.
gpg: error changing size of key 1 to 4096 bits: Invalid data

Is there something I'm missing here? The Yubikey 4 does support 4096-bit PGP keys, right?

EDIT: Never mind, this appears to be related to my GPG version, as mentioned here - I am in fact using 2.1.9: http://www.gossamer-threads.com/lists/gnupg/users/73716

Statistics: Posted by ryukafalz — Sat Feb 06, 2016 6:21 pm

Yubico Forum

Re: [RESOLVED] Yubikey 4 GPG key size - can't use 4096-bit k

[RESOLVED] Yubikey 4 GPG key size - can't use 4096-bit keys?