Can 4096 bit keys be generated with gpg2 --card-edit ?

[ThomasHedden]

File: [nitrokey3/linux/openpgp-keygen-on-device.rst] https://docs.nitrokey.com/nitrokey3/linux/openpgp-keygen-on-device.html
At the URL
https://docs.nitrokey.com/nitrokey3/linux/openpgp-keygen-on-device
In the section:
Change Key Attributes
It suggests that using the command
gpg2 --card-edit --expert
allows you to change the key size from 2048 to 4096, and then generate keys with the larger key size. Does this actually work? I read somewhere that keys of size 4096 can be IMPORTED, but not GENERATED in this way.
Thomas Hedden

[ThomasHedden]

I forgot to add that I am using a Nitrokey 3a mini.

[sosthene-nitrokey]

Hi,

This used to be the case, but now with SE050 support enabled, it is possible to generate 4096 bit RSA keys. It's not possible when it is disabled. 

You can check whether it is enabled by running: nitropy nk3 get-config opcard.use_se050_backend If it responds with true then it's enabled. If it's false, it can be done through nitropy nk3 set-config opcard.use_se050_backend true (be aware that this will reset your OpenPGP keys).

[sosthene-nitrokey]

We will improve the documentation to make that clearer: #302