Yubico Forum :: View topic - [QUESTION] Yubikey 4 and 4096 Key Length

Yubico Forum https://forum.yubico.com/

[QUESTION] Yubikey 4 and 4096 Key Length https://forum.yubico.com/viewtopic.php?f=16&t=2190	Page 1 of 1

Author:	Crumb [ Mon Feb 01, 2016 4:18 pm ]
Post subject:	[QUESTION] Yubikey 4 and 4096 Key Length
I have a key pair that I use to sign e-mails and encrypt documents. I bought the Yubikey 4 because the website states that the 4 supports 4096 key length, but for some reason every time I issue the keytocard command I get an error that makes it sound like the key is expecting a 2048 key. The Yubikey 4 supports higher key lengths right? Is there a step by step guide for importing a key? Maybe I'm missing a step... I appreciate any input you can provide.

Author:	ChrisHalos [ Mon Feb 01, 2016 9:37 pm ]
Post subject:	Re: [QUESTION] Yubikey 4 and 4096 Key Length
It's probably your gpg version. Works fine for me using gpg v 2.0.29 on Windows. I follow the instructions here - https://developers.yubico.com/PGP/Importing_keys.html [apologies in advance for the length] C:\Users\Chris>gpg --edit-key 6B23937C gpg (GnuPG) 2.0.29; Copyright (C) 2015 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. pub 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 usage: SC trust: ultimate validity: ultimate sub 4096R/2FD28DC8 created: 2015-12-02 expires: 2018-12-01 usage: E [ultimate] (1). Chris Halos (testing addcardkey) <chris@yubico.com> gpg> addkey Key is protected. You need a passphrase to unlock the secret key for user: "Chris Halos (testing addcardkey) <chris@yubico.com>" 4096-bit RSA key, ID 6B23937C, created 2015-12-02 Please select what kind of key you want: (3) DSA (sign only) (4) RSA (sign only) (5) Elgamal (encrypt only) (6) RSA (encrypt only) Your selection? 4 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 4096 Requested keysize is 4096 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 3y Key expires at 12/01/18 15:10:24 Pacific Standard Time Is this correct? (y/N) y Really create? (y/N) y We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. pub 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 usage: SC trust: ultimate validity: ultimate sub 4096R/2FD28DC8 created: 2015-12-02 expires: 2018-12-01 usage: E sub 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 usage: S [ultimate] (1). Chris Halos (testing addcardkey) <chris@yubico.com> gpg> toggle sec 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 ssb 4096R/2FD28DC8 created: 2015-12-02 expires: never ssb 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 (1) Chris Halos (testing addcardkey) <chris@yubico.com> gpg> key 2 sec 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 ssb 4096R/2FD28DC8 created: 2015-12-02 expires: never ssb* 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 (1) Chris Halos (testing addcardkey) <chris@yubico.com> gpg> keytocard Signature key ....: 857D 4C3A D9D3 3F04 CD5E 7959 DB6B EB55 D8C6 FD6E Encryption key....: 6201 28E7 5D81 8D83 EE46 0CA0 196D CB20 A991 18D0 Authentication key: 8338 0EF3 4758 8E95 7328 5D5C 7D60 935F F9F6 21B9 Please select where to store the key: (1) Signature key (3) Authentication key Your selection? 1 gpg: WARNING: such a key has already been stored on the card! Replace existing key? (y/N) y You need a passphrase to unlock the secret key for user: "[User ID not found]" 4096-bit RSA key, ID 911B11FD, created 2015-12-02 sec 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 ssb 4096R/2FD28DC8 created: 2015-12-02 expires: never ssb* 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 card-no: 0006 04227930 (1) Chris Halos (testing addcardkey) <chris@yubico.com> gpg> key 2 sec 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 ssb 4096R/2FD28DC8 created: 2015-12-02 expires: never ssb 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 card-no: 0006 04227930 (1) Chris Halos (testing addcardkey) <chris@yubico.com> gpg> key 1 sec 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 ssb* 4096R/2FD28DC8 created: 2015-12-02 expires: never ssb 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 card-no: 0006 04227930 (1) Chris Halos (testing addcardkey) <chris@yubico.com> gpg> keytocard Signature key ....: 72E9 E258 6A1D 4658 F976 72A2 3F42 0515 911B 11FD Encryption key....: 6201 28E7 5D81 8D83 EE46 0CA0 196D CB20 A991 18D0 Authentication key: 8338 0EF3 4758 8E95 7328 5D5C 7D60 935F F9F6 21B9 Please select where to store the key: (2) Encryption key Your selection? 2 gpg: WARNING: such a key has already been stored on the card! Replace existing key? (y/N) y You need a passphrase to unlock the secret key for user: "Chris Halos (testing addcardkey) <chris@yubico.com>" 4096-bit RSA key, ID 2FD28DC8, created 2015-12-02 sec 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 ssb* 4096R/2FD28DC8 created: 2015-12-02 expires: never card-no: 0006 04227930 ssb 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 card-no: 0006 04227930 (1) Chris Halos (testing addcardkey) <chris@yubico.com> gpg> toggle pub 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 usage: SC trust: ultimate validity: ultimate sub 4096R/2FD28DC8 created: 2015-12-02 expires: 2018-12-01 usage: E sub 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 usage: S [ultimate] (1). Chris Halos (testing addcardkey) <chris@yubico.com> gpg> addcardkey Signature key ....: 72E9 E258 6A1D 4658 F976 72A2 3F42 0515 911B 11FD Encryption key....: 3304 484D 0AA3 DD93 FE0C 2570 7B28 34B5 2FD2 8DC8 Authentication key: 8338 0EF3 4758 8E95 7328 5D5C 7D60 935F F9F6 21B9 Please select the type of key to generate: (1) Signature key (2) Encryption key (3) Authentication key Your selection? 3 gpg: WARNING: such a key has already been stored on the card! Replace existing key? (y/N) y What keysize do you want for the Authentication key? (4096) 4096 Key is protected. You need a passphrase to unlock the secret key for user: "Chris Halos (testing addcardkey) <chris@yubico.com>" 4096-bit RSA key, ID 6B23937C, created 2015-12-02 Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 3y Key expires at 12/01/18 15:15:55 Pacific Standard Time Is this correct? (y/N) y Really create? (y/N) y pub 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 usage: SC trust: ultimate validity: ultimate sub 4096R/2FD28DC8 created: 2015-12-02 expires: 2018-12-01 usage: E sub 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 usage: S sub 4096R/B062AF76 created: 2015-12-02 expires: 2018-12-01 usage: A [ultimate] (1). Chris Halos (testing addcardkey) <chris@yubico.com> gpg> save C:\Users\Chris>gpg --card-status Application ID ...: D2760001240102010006042279300000 Version ..........: 2.1 Manufacturer .....: Yubico Serial number ....: 04227930 Name of cardholder: Halos Chris Language prefs ...: [not set] Sex ..............: unspecified URL of public key : [not set] Login data .......: [not set] Signature PIN ....: not forced Key attributes ...: 4096R 4096R 4096R Max. PIN lengths .: 127 127 127 PIN retry counter : 3 0 3 Signature counter : 5 Signature key ....: 72E9 E258 6A1D 4658 F976 72A2 3F42 0515 911B 11FD created ....: 2015-12-02 23:10:06 Encryption key....: 3304 484D 0AA3 DD93 FE0C 2570 7B28 34B5 2FD2 8DC8 created ....: 2015-12-02 23:07:26 Authentication key: 278E 7DCD 1840 B5F5 51C2 355C 0694 6E03 B062 AF76 created ....: 2015-12-02 23:15:47 General key info..: pub 4096R/911B11FD 2015-12-02 Chris Halos (testing addcardkey) <chris@yubico.com> sec 4096R/6B23937C created: 2015-12-02 expires: 2018-12-01 ssb> 4096R/2FD28DC8 created: 2015-12-02 expires: 2018-12-01 card-no: 0006 04227930 ssb> 4096R/911B11FD created: 2015-12-02 expires: 2018-12-01 card-no: 0006 04227930 ssb> 4096R/B062AF76 created: 2015-12-02 expires: 2018-12-01 card-no: 0006 04227930 C:\Users\Chris>

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/