Discussion:
FSFE smart card and 4096 bit keys?
Daniel Pocock
2012-10-07 11:59:47 UTC
Permalink
I recently received my card, and reading the document here:
http://fellowship.fsfe.org/card.en.html
referred me to the instructions here:
http://www.gnupg.org/howtos/card-howto/en/ch01.html

Under s1.1, it suggests the OpenPGP card only has 1024 bit RSA, which
many people are now trying to phase out. I personally use 4096 bit
RSA for PGP and SSH purposes.

As for choosing a card reader, I came across this page:
http://www.gnupg.org/howtos/card-howto/en/ch02s02.html

but it is dated March 2007 - is there any updated advice/suggestions
available?

I have previously had some correspondence with gooze
http://www.gooze.eu/
they are open-source friendly but they have also told me about a year
ago that they can only supply cards up to 2048 bit (that is now the
minimum accepted by Debian, for example) but would look for 4096 bit
cards if there was sufficient interest.
Werner Koch
2012-10-07 14:47:47 UTC
Permalink
Post by Daniel Pocock
Under s1.1, it suggests the OpenPGP card only has 1024 bit RSA, which
These cards are not anymore distributes for some years now. The current
card (Fellowship card or those from kernelconcepts) support 4096 bit
RSA. However, they are advertised with a limit of 3072, because only
recent versions of GnuPG can cope with more than 3072 bits.

However, I don't see any reason why one should use more than 2048 bit
with the card. Are you sure the OS and code of the card is secure and
reliable enough to hold up with the security expectations of a larger
key? I am not.


Shalom-Salam,

Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Daniel Pocock
2012-10-07 15:12:56 UTC
Permalink
Post by Werner Koch
Post by Daniel Pocock
Under s1.1, it suggests the OpenPGP card only has 1024 bit RSA, which
These cards are not anymore distributes for some years now. The current
card (Fellowship card or those from kernelconcepts) support 4096 bit
RSA. However, they are advertised with a limit of 3072, because only
recent versions of GnuPG can cope with more than 3072 bits.
Debian 6 has 1.4.10-4
Debian 7 has 1.4.12-4+b1

Both of those versions are happy to work with 4096 bit keys in normal
keyring files and signatures (but not on smart cards).

Apparently v2.0.18 adds the 4096 bit key support for OpenPGP cards, and
it has been around for 12 months now:
http://lists.gnupg.org/pipermail/gnupg-announce/2011q3/000312.html
Post by Werner Koch
However, I don't see any reason why one should use more than 2048 bit
with the card. Are you sure the OS and code of the card is secure and
reliable enough to hold up with the security expectations of a larger
key? I am not.
Debian recommends 4096 bit RSA as the default for any newly created PGP
keys. CACert.org also signs 4096 bit certs. I realise there are many
other security factors to consider. Just for convenience, I would
prefer to avoid creating 2048 bit keys and then later having to change
them to 4096 bit.

https://lists.debian.org/debian-devel-announce/2010/09/msg00003.html
Werner Koch
2012-10-12 13:18:58 UTC
Permalink
Post by Daniel Pocock
Debian recommends 4096 bit RSA as the default for any newly created PGP
keys. CACert.org also signs 4096 bit certs. I realise there are many
That is even more stupid than their use of SHA-256 in packages file.
They substituted a proper threat analysis by Security Theater.


Salam-Shalom,

Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Martin Gollowitzer
2012-10-07 14:52:31 UTC
Permalink
* Daniel Pocock <daniel at pocock.com.au> [121007 14:00,
Post by Daniel Pocock
http://fellowship.fsfe.org/card.en.html
http://www.gnupg.org/howtos/card-howto/en/ch01.html
Unfortunately, this information is not up to date.
Post by Daniel Pocock
http://www.gnupg.org/howtos/card-howto/en/ch02s02.html
but it is dated March 2007 - is there any updated advice/suggestions
available?
Do you want to use a card reader with or without PIN pad? In the first
case, I recommend the SPR532 from ACM (also called pinpad pro). If you
prefer a small one, try the SCM SCR 335.
Post by Daniel Pocock
I have previously had some correspondence with gooze
http://www.gooze.eu/
they are open-source friendly but they have also told me about a year
ago that they can only supply cards up to 2048 bit (that is now the
minimum accepted by Debian, for example) but would look for 4096 bit
cards if there was sufficient interest.
The Fellowship card supports up to 2048 bit keys (for signing keys even
up to 3072 bit keys) because it is an OpenPGP v2.0 card. AFAIK, there
are currently no cards that support 4096 bit RSA keys in the market at
the moment (I might of course be wrong about that).

All the best,
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://mail.fsfeurope.org/pipermail/discussion/attachments/20121007/7a5ae348/attachment.pgp>
Martin Gollowitzer
2012-10-07 14:53:41 UTC
Permalink
* Martin Gollowitzer <gollo at fsfe.org> [121007 16:52,
Post by Martin Gollowitzer
The Fellowship card supports up to 2048 bit keys (for signing keys even
up to 3072 bit keys) because it is an OpenPGP v2.0 card. AFAIK, there
are currently no cards that support 4096 bit RSA keys in the market at
the moment (I might of course be wrong about that).
And I am wrong ? see Werner's previous mail to this list :-)

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://mail.fsfeurope.org/pipermail/discussion/attachments/20121007/dbac367f/attachment.pgp>
Loading...