Yubico Forum


All times are UTC + 1 hour




PostPosted: Mon Aug 21, 2017 6:04 pm 
A few weeks ago I purchased the YubiKey 4 bundle (1 white and 1 black YubiKey 4).
I have written 2 different 4096 bit GPG keys to them without problem.

Today I received another bundle I ordered (to have spare/replacements) but I cannot move my 4096 bit keys to them.

When I check with the YubiKey Personalization tool I see my "old" keys have firmware 4.3.4 and the "new" have firmware 4.3.5,
so I would guess this should be possible since the firmware is even newer.

When I run gpg2 --card-status I get the card information and the key attributes are set to 2048.

I tried to generate a new keypair on the YubiKey, and when I select 4096 and get a warning that this might not work, the newly generated key seems to be a 4096 bit one.

When I check again the key attributes are now set to 4096, but I still cannot move a new key (keytocard) to the YubiKey.
The only key that I can move to the YubiKey is a 2048 one but I need my 4096 bit key not a 2048 bit one or a new one.

Here is the output from gpg when I do keytocard:

Quote:
gpg> keytocard
Really move the primary key? (y/N) y
Please select where to store the key:
(1) Signature key
(3) Authentication key
Your selection? 3

gpg: WARNING: such a key has already been stored on the card!

Replace existing key? (y/N) y
gpg: KEYTOCARD failed: Onbruikbare geheime sleutel

gpg>

The error in Dutch is: "Unusable secret key"

I've found a post here with a similar problem, but that person had an error after entering a PIN; this is before the PIN is asked.

Anyone have an idea?

Patrick



PostPosted: Sun Sep 10, 2017 9:51 am 
I also have a new key and it has firmware 4.3.5, but here everything works.
One difference is that I generated the key on my PC and moved it to the card/YubiKey instead of generating it directly there (never tried).
From what I have understood, the fact that it says 2048 is normal as it is a default value, but it doesn't mean that you can't push a 4096 bit key.
I'm not a gpg expert, but another thing: have you issued the toggle command before using key to card?
According to the gpg manual, toggle switches between public and private key, so I guess you are trying to push the public key and thus the error "no private key usable".

This is what I followed to store the key on the YubiKey:
https://developers.yubico.com/PGP/Importing_keys.html

I understand that you might prefer to generate it directly on the YubiKey, but in that way you have no way of making a backup; also an "evil pc" could try wrong PINs and destroy your keys.

