Page MenuHome GnuPG

ECC CSR gen from Yubikey

Mock History

Current Revision

Event Timeline

This screenshot looks like you clicked on "Schüssel erneuern". Why is the title "ECC CSR gen from Yubikey"?

What does "SCD GETATTR KEY-ATTR-INFO" give you? What "CARDTYPE" and "CARDVERSION" does "SCD LEARN --force" give you?

Yeah, well, then the generation of ECC keys for smart cards is a 2.4 feature. I have implemented what you suggested:
If this suggestion doesn't work with 2.2, then it doesn't work with 2.2.

Backported the needed stuff:


For de-vs we should limit the capability to create non-compliant keys. This might have happened in Kleopatra already but needs to be checked.

Kleopatra doesn't have any restrictions when generating smart card keys. When generating OpenPGP certificates or CSRs off-card or from card keys, then in de-vs mode only RSA 3072, RSA 4096 or any supported curve (without any restrictions) can be chosen. Except for RSA 2048, Kleopatra doesn't know which algos are compliant or not compliant.

Given that there is now also a restriction for rsa2048 in de-vs mode, can you please also restrict all non-brainpool curves?