On 17/06/13 13:12, Heiki "Repentinus" Ojasild wrote:
Dear Daniel,
On 17/06/13 09:52, Daniel Pocock wrote:
and it mentions that the card supports three keys, but from what I've read elsewhere, it appears to only support three 1024-bit keys, or just one 4096-bit key. What does this mean in practice: can a single 4096-bit key be used for all purposes (signing, encryption and ssh) or is it necessary to have three separate cards for each of those subkeys?
I am not sure whether the card supports assigning multiple uses to a single key; however, I have been able to create 3 4096-bit keys on the card. I have used the signing and encryption keys and those definitely
OK, so this feature list may be about older cards or it may not be written clearly: http://wiki.debian.org/Smartcards/OpenPGP#Features
When I saw that, it gave me the impression the card supports either (3 x 1024 keys) or (1 x bigger key).
work. Unfortunately, I had problems with one card reader that worked fine with 2048-bit keys (Akasa AK-CR-03BK External Electronic ID and Smart Card Reader). Fortunately, Omnikey 1021 works fine for me. Neither of those has a separate PIN pad, though.
OK, this leaves me feeling that a much more detailed support matrix (or maybe even a database) may be needed to help people choose their optimal combination of reader + card + key size + software.
For example, I would prefer to use 2048-bit keys for the moment if that gives me wider support for card readers and software versions, while other users may prefer to only use 4096-bit keys and just focus on a shortlist of hardware that supports such keys and quickly see a list of any software limitations that will apply to them.
Regarding 1024-bit keys support only… This applied to OpenPGP version 1 smartcards. As far as I know, these are no longer distributed to Fellows, so no need to worry about that.
I've definitely got the newer card; I was just concerned about the ambiguity of how many big keys I can put on the card.