It seems gpg up to the latest released version has a built-in maximum length for smartcard rsa >encryption< keys of 3072bit. Which, at least for the OpenPGP 2.0 cards sold by g10code ("Zeitcontrol"), is not a hardware limitation; these support 4096 (althoug 3072 is printed on the backside) [1]. This was discovered in november 2012 [2] and fixed by Werner Koch in git commit ab4ea45f54006eba55db11263431c4c0c4f557dc (stable 2.0 branch). The patch applies cleanly to 2.0.19 except for one whitespace issue. I've applied it locally here, and can suddenly decrypt stuff fine with the testing key that I made. I have asked on the gnupg-devel mailing list whether that patch is safe to backport, I'll link to the thread once the non-member submission has gotten through. [1] http://marc.info/?l=gnupg-users&m=131477338132206 [2] http://gnupg.10057.n7.nabble.com/Re-Card-fails-to-decrypt-using-4096-bit-key-td15173.html
Created attachment 344672 [details] the original patch obtained from git
Added to gnupg-2.0.19-r2