Moving a (VS-NfD compliant) Brainpool key is not possible with Kleopatra. The option "Transfer to smartcard" is greyed out.
Moving the same key on the command line works fine. (At least if the card is empty beforehand.)
Description
Details
- Version: 3.1.26, 3.2.0.0
Event Timeline
Which algorithms are offered when you use "Regenerate Key"? What's the output of gpg -K --with-colon <key_id>?
I'm sorry, I got a bit confused: it works in Kleopatra on 3.2.0, but not in 3.2.26.
On 3.2.0, for "Regenerate Key" and "Generate Key", 7 algorithms are offered (one too many?):
On 3.1.26, only RSA Algorithms are offered:
This is on 3.1.26 after I moved the first subkey to the card via command line keytocard:
gpg -K --with-colon 595E61FF0929ED7584BA140D13B6ADCFDDDC9206
sec:u:256:19:13B6ADCFDDDC9206:1676545638:1739703600::u:::scESC:::D2760001240103040006154932980000::brainpoolP256r1:23::0:
fpr:::::::::595E61FF0929ED7584BA140D13B6ADCFDDDC9206:
grp:::::::::3CFD6A7640BE496C00CE2BF879B79AC981DCDB44:
uid:u::::1676545638::7084D80B57C334CE1A0C2A7C3E9A54FE9A12DBFE::test_Brainpool::::::::::0:
ssb:u:256:18:2237C4F898D4BE00:1676545638:1739703600:::::e:::+::brainpoolP256r1:23:
fpr:::::::::E74545CD33CC0B0F3800E4D72237C4F898D4BE00:
grp:::::::::ECA8237AF7D895D884FC7332CEB2AEB752C66E2E:
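Added example (not part of the original thread, and not GnuPG or Kleopatra code): a small parser for the colon listing quoted above that reports, for each secret key, the algorithm, curve, de-vs compliance flag and the card serial if the key is on a token. Field positions follow GnuPG's doc/DETAILS; the function name and the algorithm table are this example's own.

```python
# Field numbers in comments are 1-based, as in GnuPG's doc/DETAILS.
PUBKEY_ALGOS = {"1": "RSA", "18": "ECDH", "19": "ECDSA", "22": "EdDSA"}

# Sample input: the listing quoted in the report above.
SAMPLE = """\
sec:u:256:19:13B6ADCFDDDC9206:1676545638:1739703600::u:::scESC:::D2760001240103040006154932980000::brainpoolP256r1:23::0:
fpr:::::::::595E61FF0929ED7584BA140D13B6ADCFDDDC9206:
grp:::::::::3CFD6A7640BE496C00CE2BF879B79AC981DCDB44:
uid:u::::1676545638::7084D80B57C334CE1A0C2A7C3E9A54FE9A12DBFE::test_Brainpool::::::::::0:
ssb:u:256:18:2237C4F898D4BE00:1676545638:1739703600:::::e:::+::brainpoolP256r1:23:
fpr:::::::::E74545CD33CC0B0F3800E4D72237C4F898D4BE00:
grp:::::::::ECA8237AF7D895D884FC7332CEB2AEB752C66E2E:
"""


def parse_secret_keys(listing):
    """Return one dict per sec/ssb record of a `gpg -K --with-colons` listing."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb"):
            f += [""] * (18 - len(f))  # pad short records so indexing is safe
            token = f[14]  # field 15: token S/N, '#' = stub, '+' = secret key available
            keys.append({
                "type": f[0],
                "keyid": f[4],                                   # field 5
                "algo": PUBKEY_ALGOS.get(f[3], "algo " + f[3]),  # field 4
                "bits": int(f[2] or 0),                          # field 3
                "usage": f[11],                                  # field 12: capabilities
                "curve": f[16] or None,                          # field 17: ECC curve name
                "de_vs": "23" in f[17].split(),                  # field 18: 23 = de-vs
                "card_serial": token if token not in ("", "#", "+") else None,
                "fingerprint": None,
            })
        elif f[0] == "fpr" and keys and keys[-1]["fingerprint"] is None:
            keys[-1]["fingerprint"] = f[9]  # field 10 of the fpr record after sec/ssb
    return keys


if __name__ == "__main__":
    for k in parse_secret_keys(SAMPLE):
        where = "card " + k["card_serial"] if k["card_serial"] else "not on a card"
        print(k["type"], k["keyid"], k["algo"], k["curve"],
              "de-vs" if k["de_vs"] else "not de-vs", where)
```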
If 3.1.26 only offers RSA algos, then Kleopatra obviously assumes that the smart card only supports RSA and therefore doesn't offer the transfer of Brainpool keys.
We got a user report that the issue did not occur before their update from 3.1.25 to 3.1.26.
I think Werner backported some missing functionality to GnuPG 2.2. Please retest with the next version.
With test version 3.1.27.0-beta44, "Regenerate key" now offers the same algorithms as in 3.2.0 for a Yubikey, and it is possible to move them to the smart card.
This is fine even for keys that are not VSD-compliant, as they are marked as such.
For the ZeitControl card (version 3.4), it is not possible to move 25519 keys to the card, as the card does not support it.