Yubico Forum


All times are UTC + 1 hour




Posted: Fri Apr 01, 2016 7:31 pm

Joined: Fri Apr 01, 2016 7:23 pm
Posts: 5
I'm trying to copy my gpg key to my yubikey 4 and I'm getting an error saying that,
"You may only store a 1024 bit RSA key on the card" when I type keytocard from the gpg prompt.

Code:
pub  1024D/563FD864  created: 2000-08-07  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
sub  2048R/AF2C1F8D  created: 2006-04-29  expires: never       usage: E
sub  2048R/B43BA2E0  created: 2016-04-01  expires: never       usage: A


My pub key is 1024 with 2 sub keys of 2048 length. Am I missing something or do I need to generate a new 1024 key?

I'd rather use the key that I have.

Thanks in advance!
Chris


SOLVED:
I was able to copy a new 4096 Master RSA key to the card and have been successfully using it in gpg applications. After reading some pointers on keeping the Master key off the card, I plan on just storing the subkey on the card.


Last edited by cblazek on Fri Apr 08, 2016 3:03 pm, edited 1 time in total.


Posted: Sat Apr 02, 2016 5:17 am
Yubico Team

Joined: Thu Oct 16, 2014 3:44 pm
Posts: 349
Should work just fine. I would recommend resetting the OpenPGP applet:

https://developers.yubico.com/ykneo-ope ... pplet.html

and following the instructions here to move the subkeys to your YubiKey:

https://developers.yubico.com/PGP/Importing_keys.html

I would say the most likely cause of the issue is an old version of gpg, or you're trying to move a non-RSA key to the card.


Posted: Sat Apr 02, 2016 3:31 pm

Joined: Fri Apr 01, 2016 7:23 pm
Posts: 5
I've checked the versions and followed the tutorial.

Code:
10036$ gpg2 --version
gpg (GnuPG/MacGPG2) 2.0.28
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


Code:
10037$ gpg-connect-agent --hex "scd apdu 00 f1 00 00" /bye
D[0000]  04 02 08 90 00                                     .....
OK


My key pub is 1024D but subkeys are 2048R. Could my issue be that I used DSA on the original key? I'm also doing this on a mac using gpgtools.

Code:
10040$ gpg --edit-key B43BA2E0
gpg (GnuPG/MacGPG2) 2.0.28; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  1024D/563FD864  created: 2000-08-07  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
sub  2048R/AF2C1F8D  created: 2006-04-29  expires: never       usage: E
sub  2048R/B43BA2E0  created: 2016-04-01  expires: never       usage: A


Thanks for your help!


Posted: Sun Apr 03, 2016 10:26 pm

Joined: Sat Apr 02, 2016 2:37 pm
Posts: 11
Hey, I'm a newbie, but here is what I've learned:

YubiKey isn't YubiKey!!

My YubiKey 4 supports 2048-bit keys but has to support 4096-bit!!

But the YubiKey NEO can't store 4096-bit keys for OpenPGP.
The limit is a 2048-bit key.
So I ask:

What version do you have exactly?
Is it an older version?

See here:
https://www.yubico.com/products/yubikey-hardware/


Posted: Sun Apr 03, 2016 10:32 pm

Joined: Fri Apr 01, 2016 7:23 pm
Posts: 5
It's the yubikey4. I haven't done the reset because I just barely received it and haven't set anything up with it yet. I may try that tonight when I get free time.


Last edited by cblazek on Fri Apr 08, 2016 3:02 pm, edited 2 times in total.

Posted: Mon Apr 04, 2016 2:25 pm

Joined: Fri Apr 01, 2016 7:23 pm
Posts: 5
It looks like my initial issue was with using my original private key. I created another new key that was solely RSA 2048 for primary and sub and I got a little further.

I was asked for an admin pin and I have no clue what that would be. I found the card-edit tool where you can enter admin commands and change the admin PIN but I don't know what the original PIN would be.


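Added example (not part of any post in this thread, and not Yubico's or GnuPG's code): the Python below reads the old-style key listing and the `scd apdu 00 f1 00 00` reply posted earlier, and reports which keys an RSA-only card can take. The function names, the `max_rsa_bits` parameter, the RSA-only rule and the reading of the three data bytes as the applet version are assumptions of this example; the sample inputs are the ones posted above.

```python
import re

# Algorithm letters in GnuPG 1.x/2.0 key listings such as "1024D" or "2048R".
ALGO = {"R": "RSA", "D": "DSA", "g": "Elgamal"}
KEY_LINE = re.compile(r"^(pub|sub|sec|ssb)\s+(\d+)(\w)/([0-9A-F]+)\s.*usage:\s*(\w+)")

# Inputs copied from the posts above.
THREAD_LISTING = """\
pub  1024D/563FD864  created: 2000-08-07  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
sub  2048R/AF2C1F8D  created: 2006-04-29  expires: never       usage: E
sub  2048R/B43BA2E0  created: 2016-04-01  expires: never       usage: A
"""
THREAD_APDU_REPLY = "D[0000]  04 02 08 90 00                    ....."

def card_report(listing, max_rsa_bits=4096):
    """Return (keyid, kind, algo, bits, usage, verdict) per key line.

    Assumption of this example: the card stores RSA keys only, up to
    max_rsa_bits (4096 is the size the poster reports storing on a YubiKey 4).
    """
    rows = []
    for line in listing.splitlines():
        m = KEY_LINE.match(line.strip())
        if not m:
            continue  # trust/validity continuation lines and banners
        kind, bits, letter, keyid, usage = m.groups()
        algo = ALGO.get(letter, "unknown(%s)" % letter)
        if algo != "RSA":
            verdict = "reject: %s is not RSA" % algo
        elif int(bits) > max_rsa_bits:
            verdict = "reject: %s bits exceeds card limit" % bits
        else:
            verdict = "ok"
        rows.append((keyid, kind, algo, int(bits), usage, verdict))
    return rows

def parse_version_reply(line):
    """Decode the reply to `scd apdu 00 f1 00 00`: version bytes + status word."""
    data = bytes(int(b, 16) for b in re.findall(r"\b[0-9A-Fa-f]{2}\b", line.partition("]")[2]))
    if data[-2:] != b"\x90\x00":  # ISO 7816 status word for success
        raise ValueError("card returned status %s" % data[-2:].hex())
    return tuple(data[:-2])

if __name__ == "__main__":
    for row in card_report(THREAD_LISTING):
        print("%-9s %s %-7s %4d usage=%-3s %s" % row)
    print("applet version: %d.%d.%d" % parse_version_reply(THREAD_APDU_REPLY))
```

On the thread's listing this flags only the 1024D primary key; both 2048R subkeys pass, which matches the advice to move the subkeys rather than the primary.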
Posted: Mon Apr 04, 2016 5:47 pm

Joined: Sat Apr 02, 2016 2:37 pm
Posts: 11
Hey ho. Here I can help:

8-)
User PIN (standard): 123456
Admin PIN (standard): 12345678

And don't forget:
Once you enter the wrong User PIN three times, you must (you have to) unblock with your Admin PIN!
3 x wrong Admin PIN --> YubiKey is damaged forever!!

Good luck.
Bye. Hey, see the thread:
http://forum.yubico.com/viewtopic.php?f=35&t=2219
There I wrote the way to create a new keypair. You have the PINs now.
:->
Please write back.


Posted: Mon Apr 04, 2016 6:13 pm

Joined: Fri Apr 01, 2016 7:23 pm
Posts: 5
I've got the pins changed. :D

I got my test key successfully added to the card. I tested uploading just the subkey and wasn't successful.

Thanks for all the pointers and help getting me off the ground with my pgp keys.


Posted: Mon Apr 04, 2016 7:35 pm

Joined: Sat Apr 02, 2016 2:37 pm
Posts: 11
Don't forget to mark it as solved in the first message.

I was in the same situation. And I've changed my PIN too (successfully).
Yes, yes, the standard PIN.

:mrgreen:

:D Okey Byby

