Page MenuHome GnuPG
Create Task
Maniphest T5539

Key generation on OpenPGP Version 3.4 card fails
Closed, ResolvedPublic
Actions

Description

Commonly I generate the key straight on card via cmd by command: "generate". I purchased two new OpenPGP cards Version 3,4. An error occurred, message: "Error checking the PIN: invalid value". Then I tried by Kleopatra, again an error: "New Key: General error key cannot be created". It happened with both cards.

Next step: I generated the key in Kleopatra and copied the key by cmd with commands "addkey" and "keytocard". This worked. I had some older OpenPGP cards in the past, Version 2,2. I was able to generate the key straight on card by cmd and "generate" command. Therefore, I assume it is a bug on the most current OpenPGP card.

Details

Version
3.1.16 with OpenPGP card V3,4

Event Timeline

JW-D created this task.Aug 1 2021, 9:57 PM
gniibe added a subscriber: gniibe.Aug 2 2021, 7:14 AM

I checked with my OpenPGP card v3.4.
It works for me with GnuPG 2.2.x and 2.3.x.
My setting is for RSA-2048 key.

JW-D added a comment.Aug 2 2021, 7:40 AM

My setting is RSA-4096 key. Also it showed "pipe was broken", but it disappeared too quickly, so I do not have a screenshot from that.

My work around works. I can use the smart card now, but the keys were generated externally and they were copied to the smart card.

gniibe added a comment.Aug 2 2021, 8:08 AM

Thank you for the information.

Generally speaking, generating RSA-4096 keys on smartcard is tough task (for the small resource), so, I think that it might trigger something on card (to result bad behavior).

If anything wrong on host side (GnuPG), or, if we can find some workaround which is possible on host side, we will.

JW-D added a comment.Aug 2 2021, 8:35 AM

Thank you! But let me mention, that my older smart cards (Version 2,2) holding also RSA-4096 keys. They could be generated on card without any problem. I had the problem only with OpenPGP cards version 3,4. This I would like to strenghten.

werner added a subscriber: werner.Aug 2 2021, 10:13 AM
werner added a comment.Aug 3 2021, 11:46 AM

I tried a fresh card reconfigured it to use 3 4k RSA keys:

Reader ...........: SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0
Application ID ...: D276000124010304000500009D7C0000
Application type .: OpenPGP
Version ..........: 3.4
Manufacturer .....: ZeitControl
Serial number ....: 00009D7C
Name of cardholder: [nicht gesetzt]
Language prefs ...: de
Salutation .......:
URL of public key : [nicht gesetzt]
Login data .......: [nicht gesetzt]
Signature PIN ....: nicht zwingend
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 64 64 64
PIN retry counter : 3 0 3
Signature counter : 0
KDF setting ......: off

and created all 3 keys without problems. Encryption key was generated off-card as this is the default.
GnUPG version 2.2.28 on Windows 10 pretty recent.

werner triaged this task as Normal priority.Aug 3 2021, 11:48 AM
werner added projects: scd, OpenPGP.
werner added a project: can't replicate.Aug 3 2021, 11:52 AM
werner closed this task as Resolved.Oct 10 2021, 6:59 PM
werner claimed this task.

As long as we can't replicate this, it does not make sense to keep this bug open. Please re-open it if you run into it again in a replicatable way.