Generating 2048 bit RSA Keys on new Aladdin eToken 64k

Dear list,

when I create a pkcs15 structure on my eToken I can only generate or store
max 1024 bit keys. The new 64k pro eToken can handle 2048 bit keys and
pcscd is compiled with extended apdu.

The relevant opensc source tells me that it first calls the funktion
check_key_compatibility() what must return nonzero.

However, it checks the cardos, keyformat, keyusage and keybits, and it
returns zero, or undef when keybits is 2048.

In the opensc docu I can see, that generating 2048 bit keys with pkcs15 is
possible in general and CardOS 4.2 and pcscd 1.3.0 supports it, so I
think, that check_key_compatibility(), gets wrong information here.

I need to store a private CA key on the eToken using openCA. And the key
should have at least 2048 bits.

Can anyone give me some information, when I'm wrong?

Thanks and best regards


Ralf Hornik