On 11/09/2015 11:50 PM, Christopher Beck wrote:
> I have got two sub-keys on the card, one for signing and one for
> decryption. Both keys are 4096 bit in size. The issues are only on the
> decrypting process: Signing works well, but when I try to decrypt
> something (an e-mail or an encrypted file) it just says, there is no
> secret key. I switched on debugging output and it tells me:
>
> "public key decryption failed: General error
> decryption failed: No secret key"
>
> I checked $ gpg -K and $ gpg --card-status and so on, and it tells me
> exactly the same I can see on my other computers: there are two keys
> available on the smart-card. So I am wondering, what the problem is. The
> version of gpg is 2.0.14 on scientific linux 6.

I think that 2.0.14 doesn't work well for RSA-4096 decryption on card. It was 2.0.20 (in 2013) which fixed this problem. (The error message was not kind enough; it does not correctly describe the issue.)

The problem was, in short, the size of data. The smartcard was designed to handle "small" data, but RSA-4096 is way too big for the old design assumptions.

In case of signing, because the signature is not that big, it works well. It doesn't work for decryption, since the data size is 4096-bit (= 512 bytes).

Traditionally, the smartcard was designed with the assumption that 256 bytes is considered "big", and host software for the smartcard assumed data size is less than 256 bytes.
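
The size limit described in the reply above, as an added example (not GnuPG code and not part of the original messages): it frames an RSA-4096 decryption request as ISO 7816-4 APDUs and shows that it cannot fit a short APDU, while extended length or command chaining can carry it. Assumptions: the header bytes are the PSO commands from the OpenPGP card specification, the payloads are constructed zero bytes, and the Le field is left out.

```python
# Added illustration, not GnuPG source. Framing follows ISO 7816-4; the header
# bytes are the PSO commands of the OpenPGP card specification. Le is omitted.
SHORT_MAX = 255  # short APDU: one-byte Lc, so at most 255 command data bytes
PSO_DECIPHER = (0x00, 0x2A, 0x80, 0x86)  # CLA, INS, P1, P2
PSO_SIGN = (0x00, 0x2A, 0x9E, 0x9A)      # compute digital signature


def short_apdu(header, data):
    """Short APDU; this is the form that assumes data stays under 256 bytes."""
    if len(data) > SHORT_MAX:
        raise ValueError(f"{len(data)} bytes do not fit a one-byte Lc")
    return bytes(header) + bytes([len(data)]) + data


def extended_apdu(header, data):
    """Extended length: Lc is 0x00 followed by a two-byte big-endian length."""
    if not 0 < len(data) <= 0xFFFF:
        raise ValueError("extended Lc covers 1..65535 bytes")
    return bytes(header) + b"\x00" + len(data).to_bytes(2, "big") + data


def chained_apdus(header, data, chunk=SHORT_MAX):
    """Command chaining: short APDUs with CLA bit 0x10 set on all but the last."""
    cla, ins, p1, p2 = header
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    apdus = []
    for n, part in enumerate(parts):
        more = n < len(parts) - 1
        apdus.append(short_apdu((cla | 0x10 if more else cla, ins, p1, p2), part))
    return apdus


def decipher_payload(modulus_bits):
    """Constructed placeholder: padding indicator 0x00 plus an RSA-sized block."""
    return b"\x00" + bytes(modulus_bits // 8)


if __name__ == "__main__":
    digest_info = bytes(51)  # constructed: size of a SHA-256 DigestInfo
    print("sign input :", len(short_apdu(PSO_SIGN, digest_info)), "byte APDU")
    payload = decipher_payload(4096)
    try:
        short_apdu(PSO_DECIPHER, payload)
    except ValueError as exc:
        print("decipher   :", exc)
    print("extended   :", len(extended_apdu(PSO_DECIPHER, payload)), "byte APDU")
    print("chained    :", [len(a) for a in chained_apdus(PSO_DECIPHER, payload)])
```
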
