Page MenuHome GnuPG
Create Task
Maniphest T4706

RSA4096 option disabled in Kleopatra on newer smartcards
Closed, ResolvedPublic
Actions

Description

I tested Gpg4win v3.1.10 on Windows 10.

When generating a new key on a smartcard, Kleopatra presents a drop-down box of available RSA key sizes. The "4096" option is gated behind an incorrect version check, checking that the OpenPGP smartcard's version is exactly "2.1":

mIs21 = version == QLatin1String("2.1");
sizes.push_back(1024);
sizes.push_back(2048);
sizes.push_back(3072);
// There is probably a better way to check for capabilities
if (mIs21) {
    sizes.push_back(4096);
}

This means the option doesn't show up on smartcards implementing later versions of the OpenPGP on ISO Smart Card spec, which is up to version 3.4. This affects the latest YubiKey 5, which reports version 3.4.

STEPS TO REPRODUCE

  1. Open Kleopatra
  2. Insert YubiKey 5
  3. Select 'Manage Smartcards' from menu
  4. Click "Generate new Keys" button
  5. Observe "4096" is missing from drop-down

I cross-posted this to the KDE bug tracker, but it was reported to us in regards to Gpg4win: https://bugs.kde.org/show_bug.cgi?id=411849

Details

Version
3.1.10

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRAd989c281a64d Fix version check for pgp cards

Event Timeline

mrmekon created this task.Sep 12 2019, 1:21 PM
aheinecke closed this task as Resolved.Sep 12 2019, 3:10 PM
aheinecke claimed this task.
aheinecke added a commit: rKLEOPATRAd989c281a64d: Fix version check for pgp cards.
aheinecke added a subscriber: aheinecke.

This is generally the better tracker to report Gpg4win / Kleopatra issues. The git systems are linked in a way that I can both automatically add a commit here and in the KDE tracker.
I just noticed the KDE report a bit quicker because there is less traffic, but I would have seen it here within the day.