RSA4096 option disabled in Kleopatra on newer smartcards
Closed, ResolvedPublic


I tested Gpg4win v3.1.10 on Windows 10.

When generating a new key on a smartcard, Kleopatra presents a drop-down box of available RSA key sizes. The "4096" option is gated behind an incorrect version check, checking that the OpenPGP smartcard's version is exactly "2.1":

mIs21 = version == QLatin1String("2.1");
// There is probably a better way to check for capabilities
if (mIs21) {

This means the option doesn't show up on smartcards implementing later versions of the OpenPGP on ISO Smart Card spec, which is up to version 3.4. This affects the latest YubiKey 5, which reports version 3.4.


  1. Open Kleopatra
  2. Insert YubiKey 5
  3. Select 'Manage Smartcards' from menu
  4. Click "Generate new Keys" button
  5. Observe "4096" is missing from drop-down

I cross-posted this to the KDE bug tracker, but it was reported to us in regards to Gpg4win:

mrmekon created this task.Sep 12 2019, 1:21 PM
aheinecke closed this task as Resolved.
aheinecke claimed this task.
aheinecke added a subscriber: aheinecke.

This is generally the better tracker to report Gpg4win / Kleopatra issues. The git systems are linked in a way that I can both automatically add a commit here and in the KDE tracker.
I just noticed the KDE report a bit quicker because there is less traffic, but I would have seen it here within the day.