I had a SSH key which I imported without problems in my GPG keyring as auth key using pem2openpgp from monkeysphere. The imported key works fine. I removed its SSH version from ~/.ssh and switched from ssh-agent to gnupg-agent with SSH support. The problem came when I purchased a Yubikey 4 and tried to move sign, encrypt and auth keys into it. All keys are 4k RSA. Sign and encrypt keys, created inside gpg, can be moved wihout issues, while the imported auth key is refused. I always get an "Invalid value" error message. If I create a new auth key - 4k RSA as the imported key, it can be moved without issues. I also tried to export and reimport my auth key from and to gpg keyring, without results. Yubikey support dismissed the case some time ago because a non-imported key works. Replacing my current key would be a lot of work, as I manage many servers. I would prefer avoiding it.
This is the debug log from scdaemon.
2020-03-03 22:39:26 scdaemon[4493] writing new key
2020-03-03 22:39:26 scdaemon[4493] RSA modulus size is 4096 bits
2020-03-03 22:39:26 scdaemon[4493] DBG: send apdu: c=00 i=DB p1=3F p2=FF lc=539 le=-1 em=-254
2020-03-03 22:39:26 scdaemon[4493] DBG: PCSC_data: ...
2020-03-03 22:39:26 scdaemon[4493] DBG: PCSC_data: ...
2020-03-03 22:39:26 scdaemon[4493] DBG: response: sw=6A80 datalen=0
2020-03-03 22:39:26 scdaemon[4493] failed to store the key: Invalid value
2020-03-03 22:39:26 scdaemon[4493] operation writekey result: Invalid value
2020-03-03 22:39:26 scdaemon[4493] DBG: chan_7 -> ERR 100663351 Invalid value <SCD>
Any hint would be appreciated. Thanks in advance.
0 Answers