Yubico Forum
https://forum.yubico.com/

[SOLVED]: Fix for "Key does not match the card's capabilit
https://forum.yubico.com/viewtopic.php?f=26&t=1832
Page 1 of 1

Author:  rbondi [ Thu Apr 16, 2015 7:14 pm ]
Post subject:  [SOLVED]: Fix for "Key does not match the card's capabilit

Does anyone know how to get past this `keytocard` error please?

Sequence of commands to get the error:

```
$>gpg --edit-key [my key id]
/snip/
Secret key is available.
/snip/
gpg>toggle
/snip/
gpg>key 1
/snip/
gpg>keytocard
/snip/
Please select where to store the key:
(2) Encryption key
Your selection? 2
Key does not match the card's capability.
```

What I'm using:

```
gpg (GnuPG/MacGPG2) 2.0.27
libgcrypt 1.6.3
```

OSX 10.10.3 (14D131)

```
ykpersonalize -V
Firmware version 3.4.0 Touch level 1797 Program sequence 2
Unsupported firmware revision - some features may not be available
Please see https://developers.yubico.com/... for more information.
1.16.0
Yubikey core error: unsupported firmware version
```

OSX Yubikey Personalization Tool says it's firmware 3.4.0, Slot 1 configured, no errors. (If there was a way to do all this in the OSX YPT, I'd do it there, but AFAIK there is not; I can't even set -m28 with it. Grrr.)

Thanks much in advance, /rb

Author:  rbondi [ Thu Apr 16, 2015 9:53 pm ]
Post subject:  Re: [QUESTION]: Fix for "Key does not match the card's capab

I figured it out: the Neo cannot accept keys longer than 2048 bits.

When I generate a keypair outside the Neo, on a desktop GnuPG, if it is 2048 bits, 'keytocard' works just fine. If the key length is greater than that, I get the above error message.

So the error message is accurate, albeit vague: the key indeed does not match the card's capability when it is greater than 2048 bits.

Googling uncovered this thoughtful explanation by Yubico of this limitation: https://www.yubico.com/2015/02/big-deba ... cos-stand/
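
A pre-flight check for the size limit described above, as an added example that is not part of the original posts: it parses `gpg --with-colons` output and lists every RSA key or subkey larger than the card accepts, so the mismatch is visible before `keytocard` is attempted. The sample listing and its key IDs are constructed, the function names are hypothetical, and the 2048-bit default is the NEO limit reported in this thread.

```shell
#!/bin/sh
# Added example: find RSA keys too large for the card before running keytocard.
# Assumption: 2048 bits is the limit, as reported for the YubiKey NEO in this thread.
MAX_BITS=2048

# Reads a `gpg --with-colons` key listing on stdin and prints one line per
# oversized RSA key:  <record type> <key id> <bits>
# Colon-format fields used: 1 = record type, 3 = key length,
# 4 = public-key algorithm (1, 2, 3 are the OpenPGP RSA variants), 5 = key ID.
oversized_keys() {
    awk -F: -v max="${1:-$MAX_BITS}" '
        ($1 == "pub" || $1 == "sub" || $1 == "sec" || $1 == "ssb") &&
        ($4 == 1 || $4 == 2 || $4 == 3) &&
        ($3 + 0 > max) { print $1, $5, $3 }
    '
}

# Constructed sample listing (not real keys): a 4096-bit primary key,
# a 2048-bit encryption subkey and a 4096-bit signing subkey.
sample_listing() {
    cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1429200000:::u:::scESC:
uid:u::::1429200000::::Example User <user@example.org>:
ssb:u:2048:1:BBBBBBBBBBBBBBBB:1429200000::::::e:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1429200000::::::s:
EOF
}

# Against a real keyring, feed gpg's own output to the same function
# (KEYID is the ID you would pass to --edit-key):
#   gpg --list-secret-keys --with-colons KEYID | oversized_keys 2048
#
# Offline demonstration on the constructed sample:
#   sample_listing | oversized_keys
```

Any line of output names a key that will be rejected with "Key does not match the card's capability"; no output means every RSA key in the listing fits.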

All times are UTC + 1 hour