Re: [QUESTION]: Fix for "Key does not match the card's capab

2015-04-16T21:53:51+01:00

I figured it out: the Neo cannot accept keys longer than 2048 bits.

When I generate a keypair outside the Neo, on a desktop GnuPG, if it is 2048 bits, 'keytocard' works just fine. If the key length is greater than that, I get the above error message.

So the error message is accurate if albeit vague: the key indeed does not match the card's capability, when it is greater than 2048 bits.

Googling uncovered this thoughtful explanation by Yubico of this limitation: https://www.yubico.com/2015/02/big-deba ... cos-stand/

Statistics: Posted by rbondi — Thu Apr 16, 2015 9:53 pm

[SOLVED]: Fix for "Key does not match the card's capabilit

2015-04-18T01:57:26+01:00

Does anyone know how to get past this `keytocard` error please?

Sequence of commands to get the error:

```
$>gpg --edit-key [my key id]
/snip/
Secret key is available.
/snip/
gpg>toggle
/snip/
gpg>key 1
/snip/
gpg>keytocard
/snip/
Please select where to store the key:
(2) Encryption key
Your selection? 2
Key does not match the card's capability.
```

# What I'm using:

gpg (GnuPG/MacGPG2) 2.0.27
libgcrypt 1.6.3

OSX 10.10.3 (14D131)

ykpersonalize -V
Firmware version 3.4.0 Touch level 1797 Program sequence 2
Unsupported firmware revision - some features may not be available
Please see https://developers.yubico.com/... for more information.
1.16.0
Yubikey core error: unsupported firmware version

OSX Yubikey Personalization Tool says it's firmware 3.4.0, Slot 1 configured, no errors. (If there was a way to do all this in the OSX YPT, I'd do it there, but AFAIK there is not; I can't even set -m28 with it. Grrr.)

Thanks much in advance, /rb

Statistics: Posted by rbondi — Thu Apr 16, 2015 7:14 pm

Yubico Forum

Re: [QUESTION]: Fix for "Key does not match the card's capab

[SOLVED]: Fix for "Key does not match the card's capabilit