Re: Generating 4096 bit key fails – why?

2015-10-27 Thread Daniel Baur
Hello,
On 27.10.2015 at 11:11, Felix E. Klee wrote:
> As already mentioned in the October 2015 thread “Bad secret key” on
> , I cannot generate a 4096 bit on
> my [OpenPGP card][1]. What could be the issue?

AFAIK the card doesn’t support 4096 bit keys. The webpage given by you
says the same AFAIS:

“Key lengths reducable to 1024 bit; key length of signature keys
increasable to 3072 bit. ”

Sincerely,
DaB.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Generating 4096 bit key fails – why?

2015-10-27 Thread Werner Koch
On Tue, 27 Oct 2015 11:11, felix.k...@inka.de said:

> gpg: error changing size of key 1 to 4096 bits: Invalid data

Please add

--8<---cut here---start->8---
  debug 1024
  debug 2048
  log-file /this/is/my/scdaemon.log
--8<---cut here---end--->8---

to scdaemon.conf, kill scdaemon, and try again.  The log file will then
contain a log of all APDUs sent and received to/from the card.  Post it
here.  Make sure to change the PINs of the card before you start the
logging so that you won't reveal your PINs.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
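
The PIN advice above can be backed up by masking PIN-bearing commands in the log before it is posted. This is an added example, not part of the original message and not GnuPG code: the log line layout in the sample is an assumption, the sample lines are constructed, and only the ISO 7816-4 instruction bytes are standard.

```python
import re

# ISO 7816-4 instructions whose command data field carries PIN material.
PIN_INS = {0x20: "VERIFY", 0x24: "CHANGE REFERENCE DATA", 0x2C: "RESET RETRY COUNTER"}

# A run of at least five space-separated hex bytes (CLA INS P1 P2 Lc ...).
HEX_RUN = re.compile(
    r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2} ){4,}[0-9A-Fa-f]{2}(?![0-9A-Fa-f])")


def redact_apdu(hex_bytes):
    """Mask the data field of a short-form command APDU that carries a PIN."""
    parts = hex_bytes.split()
    ins, lc = int(parts[1], 16), int(parts[4], 16)
    if ins not in PIN_INS or lc == 0 or len(parts) < 5 + lc:
        return hex_bytes  # not a PIN command, or not a complete command APDU
    # Keep header and Lc so the exchange stays readable; hide only the data.
    return " ".join(parts[:5] + ["XX"] * lc + parts[5 + lc:])


def redact_log(text):
    """Return (redacted_text, names of the PIN commands that were masked)."""
    hits = []

    def _sub(match):
        cleaned = redact_apdu(match.group(0))
        if cleaned != match.group(0):
            hits.append(PIN_INS[int(match.group(0).split()[1], 16)])
        return cleaned

    return HEX_RUN.sub(_sub, text), hits


# Constructed sample lines; the layout is assumed, this is not real output.
# First command: VERIFY with a PIN. Second: PUT DATA to DO C1 (RSA, 4096 bits).
SAMPLE_LOG = """\
scdaemon[4242] DBG: send apdu: c=00 i=20 p1=00 p2=81 lc=6 le=-1 em=0
scdaemon[4242] DBG:  raw apdu: 00 20 00 81 06 31 32 33 34 35 36
scdaemon[4242] DBG: send apdu: c=00 i=DA p1=00 p2=C1 lc=6 le=-1 em=0
scdaemon[4242] DBG:  raw apdu: 00 DA 00 C1 06 01 10 00 00 20 00
"""

if __name__ == "__main__":
    redacted, found = redact_log(SAMPLE_LOG)
    print(redacted)
    print("masked:", found)
```

The match is by byte pattern only, so any hex dump whose second byte is 20, 24 or 2C is masked as well; for a log that will be public, over-masking is the safer failure.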




Generating 4096 bit key fails – why?

2015-10-27 Thread Felix E. Klee
As already mentioned in the October 2015 thread “Bad secret key” on
, I cannot generate a 4096 bit on
my [OpenPGP card][1]. What could be the issue?

Details:

$ uname -a
Linux felix-arch 4.2.3-1-ARCH #1 SMP PREEMPT Sat Oct 3 18:52:50 CEST
2015 x86_64 GNU/Linux
$ gpg --version
gpg (GnuPG) 2.1.9
libgcrypt 1.6.4
[…]
$ gpg --card-edit

Application ID ...: D276000124010201000540D8
Version ..: 2.1
Manufacturer .: ZeitControl
Serial number : 40D8
Name of cardholder: Felix Klee
Language prefs ...: de
Sex ..: unspecified
URL of public key : [not set]
Login data ...: [not set]
Signature PIN : not forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 0
Signature key : [none]
Encryption key: [none]
Authentication key: [none]
General key info..: [none]

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n
What keysize do you want for the Signature key? (2048) 4096
The card will now be re-configured to generate a key of 4096 bits
Note: There is no guarantee that the card supports the requested
  size. If the key generation does not succeed, please check the
  documentation of your card to see what sizes are allowed.
gpg: error changing size of key 1 to 4096 bits: Invalid data

[1]: http://g10code.com/p-card.de.html



Re: absolutely nothing to panic over

2015-10-27 Thread Daniele Nicolodi
On 27/10/15 08:25, listo factor wrote:
> On 10/27/2015 03:55 AM, Robert J. Hansen wrote:
>> You start from tautology and conclude at paradox.  This doesn't appear
>> to be something to be taken seriously.
> 
> Allow me to try again:
> 
> *There is no secure communication over an insecure channel
> without out-of-channel bootstrap*.
> 
> I believe the above can be re-phrased as follows, with no change
> in meaning:
> 
> Cryptography is an art of turning large secrets into small secrets. [1]
> 
> We need a secure channel to transfer small secrets (typically
> the cryptographic device and the key), so that we can communicate
> large secrets over an insecure channel. [2]

If what makes you think that public key cryptography is insecure by
definition is the possibility to circumvent any key exchange protocol
via quantum computation, please note that the same quantum principles
allow for quantum key distribution, which is "quantum secure" key
exchange over an insecure channel.

In general I find broad and overly simplified statements on complex
matter very easy to confute, and I thus believe that they must not be
taken too seriously.

Cheers,
Daniele




Re: absolutely nothing to panic over

2015-10-27 Thread listo factor

On 10/27/2015 03:55 AM, Robert J. Hansen wrote:

> You start from tautology and conclude at paradox.  This doesn't appear
> to be something to be taken seriously.


Allow me to try again:

*There is no secure communication over an insecure channel
without out-of-channel bootstrap*.

I believe the above can be re-phrased as follows, with no change
in meaning:

Cryptography is an art of turning large secrets into small secrets. [1]

We need a secure channel to transfer small secrets (typically
the cryptographic device and the key), so that we can communicate
large secrets over an insecure channel. [2]

___

[1] The definition is of course not mine.

[2] It is often forgotten that it is not ~only~ the key
that comprises the "bootstrap". The cryptographic device does not
need to be secret, but it must be authenticated, which can not be
done over an insecure channel. Same holds for the "public" key in
asymmetric systems.


