Re: Bits from keyring-maint
On Thu, Sep 16, 2010 at 02:02:33PM +0200, Alexander Reichle-Schmehl wrote:
> > FWIW, the OpenPGP smartcard v2 supports keys up to 3072 bits.
> At the recent FrOSCon I have been told, that 4096 bit keys should work,
> but aren't officially supported. (Haven't tested it myself, yet.)
Well, I've tried. Apparently, some of the first 2.0 cards have a
firmware bug that leads to a buffer overrun inside the card if a 3072
bit key is used for decryption (signing and authentication work fine).
The overrun cannot be exploited as it is immediately detected by the
card runtime and the request aborted with an error condition.
FWIW, I'm using a 4096 bit KSK, which is kept in a safe location, and
2048 bit subkeys on a smartcard for daily use. I don't think the large
size for the master key is excessive, as I expect to keep it for several
years, and as it has been generated with key usage explicitly set to "C"
only it cannot be abused directly (i.e. if someone were to get hold of
the key and wanted to upload something to Debian with it, they'd need to
add a subkey and push it to the Debian keyserver, which would make the
entire operation pretty noisy).