Page MenuHome GnuPG
Create Task
Maniphest T6379

Kleopatra: Brainpool key can not be moved to smart card
Closed, ResolvedPublic
Actions

Description

Moving a (VS-NfD compliant) Brainpool key is not possible with Kleopatra. The option "Transfer to smartcard" is greyed out.
Moving the same key on the command line works fine. (At least if the card is empty beforehand.)

Details

Version
3.1.26, 3.2.0.0

Event Timeline

ebo created this task.Feb 16 2023, 1:40 PM
ikloecker added a subscriber: ikloecker.Feb 16 2023, 6:18 PM

Which algorithms are offered when you use "Regenerate Key"? What's the output of gpg -K --with-colon <key_id>?

werner triaged this task as High priority.Feb 17 2023, 7:54 AM
ebo added a comment.Feb 17 2023, 9:47 AM

I'm sorry, I got a bit confused, it works in Kleopatra on 3.2.0, but not in 3.2.26

On 3.2.0 for "Regenerate Key" and "Generate Key" 7 algorithms are offered (one to many?):


On 3.1.26, only RSA Algorithms are offered:

This is on 3.1.26 after I moved the first subkey to the card via command line keytocard:

gpg -K --with-colon 595E61FF0929ED7584BA140D13B6ADCFDDDC9206
sec:u:256:19:13B6ADCFDDDC9206:1676545638:1739703600::u:::scESC:::D2760001240103040006154932980000::brainpoolP256r1:23::0:
fpr:::::::::595E61FF0929ED7584BA140D13B6ADCFDDDC9206:
grp:::::::::3CFD6A7640BE496C00CE2BF879B79AC981DCDB44:
uid:u::::1676545638::7084D80B57C334CE1A0C2A7C3E9A54FE9A12DBFE::test_Brainpool::::::::::0:
ssb:u:256:18:2237C4F898D4BE00:1676545638:1739703600:::::e:::+::brainpoolP256r1:23:
fpr:::::::::E74545CD33CC0B0F3800E4D72237C4F898D4BE00:
grp:::::::::ECA8237AF7D895D884FC7332CEB2AEB752C66E2E:

ikloecker added a comment.Feb 17 2023, 11:24 AM

If 3.1.26 only offers RSA algos, then Kleopatra obviously assumes that the smart card only supports RSA and therefore doesn't offer the transfer of Brainpool keys.

ebo added a comment.Mar 10 2023, 9:07 AM

We got a user report that the issue did not occur before their update from 3.1.25 to 3.1.26

ebo added a comment.EditedMar 10 2023, 10:04 AM

It effects Yubikeys and ZeitControl cards (version 3.4)

ikloecker changed the task status from Open to Testing.Mar 16 2023, 10:43 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

I think Werner backported some missing functionality to GnuPG 2.2. Please retest with the next version.

ebo closed this task as Resolved.Mar 29 2023, 10:42 AM
ebo claimed this task.

For Testversion 3.1.27.0-beta44 for "Regenerate key" now the same algorithms as in 3.2.0 are offered for a Yubikey and it is possible to move them to the smart card.
This is fine even for not VSD-compliant keys, as they are marked as such.

For ZeitControl card (version 3.4) it is not possible to move 25519 keys to the card, as the card does not support it.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Apr 5 2023, 1:51 PM
ebo added a project: gnupg22 (gnupg-2.2.42).Apr 5 2023, 2:01 PM