Yubico Forum https://forum.yubico.com/ |
Yubikey + OpenPGP keytocard error https://forum.yubico.com/viewtopic.php?f=35&t=2271 |
Author: | cblazek [ Fri Apr 01, 2016 7:31 pm ] |
Post subject: | Yubikey + OpenPGP keytocard error |
I'm trying to copy my gpg key to my yubikey 4 and I'm getting an error saying that, "You may only store a 1024 bit RSA key on the card" when I type keytocard from the gpg prompt.

Code:
pub  1024D/563FD864  created: 2000-08-07  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
sub  2048R/AF2C1F8D  created: 2006-04-29  expires: never       usage: E
sub  2048R/B43BA2E0  created: 2016-04-01  expires: never       usage: A

My pub key is 1024 with 2 sub keys of 2048 length. Am I missing something or do I need to generate a new 1024 key? I'd rather use the key that I have.

Thanks in advance!
Chris

SOLVED: I was able to copy a new 4096 Master RSA key to the card and have been successfully using it in gpg applications. After reading some pointers on keeping the Master key off the card, I plan on just storing the subkey on the card. |
Author: | ChrisHalos [ Sat Apr 02, 2016 5:17 am ] |
Post subject: | Re: Yubikey + OpenPGP keytocard error |
Should work just fine. I would recommend resetting the OpenPGP applet: https://developers.yubico.com/ykneo-ope ... pplet.html and following the instructions here to move the subkeys to your YubiKey: https://developers.yubico.com/PGP/Importing_keys.html I would say the most likely cause of the issue is an old version of gpg, or you're trying to move a non-RSA key to the card. |
Author: | cblazek [ Sat Apr 02, 2016 3:31 pm ] |
Post subject: | Re: Yubikey + OpenPGP keytocard error |
I've checked the versions and followed the tutorial.

Code:
10036$ gpg2 --version ‹›
gpg (GnuPG/MacGPG2) 2.0.28
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Code:
10037$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye ‹›
D[0000]  04 02 08 90 00                                     .....
OK

My key pub is 1024D but subkeys are 2048R. Could my issue be that I used DSA on the original key? I'm also doing this on a mac using gpgtools.

Code:
10040$ gpg --edit-key B43BA2E0 ‹›
gpg (GnuPG/MacGPG2) 2.0.28; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  1024D/563FD864  created: 2000-08-07  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
sub  2048R/AF2C1F8D  created: 2006-04-29  expires: never       usage: E
sub  2048R/B43BA2E0  created: 2016-04-01  expires: never       usage: A

Thanks for your help! |
Author: | HDDControler [ Sun Apr 03, 2016 10:26 pm ] |
Post subject: | Re: Yubikey + OpenPGP keytocard error |
Hey, I'm a newbie, but here is what I've learned: YUBIKEY isn't YUBIKEY!! My Yubikey4 supports 2048-bit keys but has to support 4096-bit!! BUT the YUBIKEY NEO can't store 4096-bit keys for OpenGPG. The limit is a 2048-bit key. So I ask: what version do you have exactly??? Is it an older version? See here: https://www.yubico.com/products/yubikey-hardware/ |
Author: | cblazek [ Sun Apr 03, 2016 10:32 pm ] |
Post subject: | Re: Yubikey + OpenPGP keytocard error |
It's the yubikey4. I haven't done the reset because I just barely received it and haven't set anything up with it yet. I may try that tonight when I get free time. |
Author: | cblazek [ Mon Apr 04, 2016 2:25 pm ] |
Post subject: | Re: Yubikey + OpenPGP keytocard error |
It looks like my initial issue was with using my original private key. I created another new key that was solely RSA 2048 for primary and sub and I got a little further. I was asked for an admin pin and I have no clue what that would be. I found the card-edit tool where you can enter admin commands and change the admin PIN but I don't know what the original PIN would be. |
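Added example (not part of the original thread and not Yubico or GnuPG code): a small Python check that reads a GnuPG 2.0.x key listing like the one posted above and reports which keys `keytocard` can be expected to accept. It assumes what the thread reports: the card takes RSA keys only, up to 4096 bits on a YubiKey 4 and 2048 bits on a NEO; the function and field names are made up for illustration.

```python
import re

# Algorithm letter that follows the bit length in GnuPG 2.0.x listings.
ALGO = {"R": "RSA", "D": "DSA", "g": "ElGamal", "G": "ElGamal"}
# Usage flag -> slot offered by keytocard (C, certify, has no slot of its own).
SLOT = {"S": "Signature", "E": "Encryption", "A": "Authentication"}

# Also matches a listing that was flattened onto one line.
KEY_RE = re.compile(
    r"\b(pub|sub|sec|ssb)\s+(\d+)([A-Za-z])/([0-9A-F]{8,16})\b.*?usage:\s*([SCEA]+)",
    re.S,
)

# Listing copied from the thread above.
SAMPLE = """\
pub  1024D/563FD864  created: 2000-08-07  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
sub  2048R/AF2C1F8D  created: 2006-04-29  expires: never       usage: E
sub  2048R/B43BA2E0  created: 2016-04-01  expires: never       usage: A
"""

def card_candidates(listing, max_rsa_bits=4096):
    """Classify each key in a listing as movable to the card or not.

    Assumptions: the card takes RSA keys only, up to max_rsa_bits
    (4096 for a YubiKey 4, 2048 for a NEO, as stated in the thread).
    """
    out = []
    for kind, bits, letter, keyid, usage in KEY_RE.findall(listing):
        algo, bits = ALGO.get(letter, "unknown"), int(bits)
        if algo != "RSA":
            ok, why = False, f"{bits}-bit {algo}: not an RSA key"
        elif bits > max_rsa_bits:
            ok, why = False, f"RSA {bits} exceeds the {max_rsa_bits}-bit limit"
        else:
            ok, why = True, f"RSA {bits}"
        slots = [SLOT[u] for u in usage if u in SLOT] if ok else []
        out.append({"kind": kind, "keyid": keyid, "ok": ok, "why": why, "slots": slots})
    return out

if __name__ == "__main__":
    for key in card_candidates(SAMPLE):
        verdict = "OK  " if key["ok"] else "SKIP"
        print(verdict, key["kind"], key["keyid"], key["why"], ", ".join(key["slots"]))
```

On the listing from this thread it skips the 1024D primary key and accepts the two 2048R subkeys, which matches what the original poster found.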
Author: | HDDControler [ Mon Apr 04, 2016 5:47 pm ] |
Post subject: | Re: Yubikey + OpenPGP keytocard error |
Hey ho. Here I can help:

User PIN (standard): 123456
Admin PIN (standard): 12345678

And don't forget: once you enter the wrong User PIN three times, you must (you have to) unblock with your Admin PIN! 3 x wrong Admin PIN --> Yubikey is damaged forever!! Good luck. Bye.

Hey, see the thread: http://forum.yubico.com/viewtopic.php?f=35&t=2219 There I wrote the way to create a new keypair. You have the PINs now. :-> Please write back. |
Author: | cblazek [ Mon Apr 04, 2016 6:13 pm ] |
Post subject: | Re: Yubikey + OpenPGP keytocard error |
I've got the pins changed. I got my test key successfully added to the card. I tested uploading just the subkey and wasn't successful. Thanks for all the pointers and help getting me off the ground with my pgp keys. |
Author: | HDDControler [ Mon Apr 04, 2016 7:35 pm ] |
Post subject: | Re: Yubikey + OpenPGP keytocard error |
Don't forget to mark it as Solved in the first message. I was in the same situation. And I've changed my PIN too (successfully). Yes, yes, the standard PIN. Okay, bye-bye |
All times are UTC + 1 hour |