On 04/02/2018 01:10 AM, NIIBE Yutaka wrote:
Most likely, the length of certificate matters. If you can minimize your certificate, please try. I don't know the limitation for the card.
I don't know for the v3.3 card, but v2.1 cards allow for a 2048 bytes certificate (at least mine does, but maybe this has changed between different production runs?).
One way of finding the max allowed size is the following command (here tested with a Yubikey NEO):
$ gpg-connect-agent 'SCD LEARN --force' /bye | grep '^S EXTCAP' S EXTCAP gc=1+ki=1+fc=1+pd=0+mcl3=1216+aac=0+sm=2+si=0+dec=0+bt=0The value you are interested in is "mcl3". In this example, it says that the Yubikey NEO allows for a 1216-bytes certificate.
Damien
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
