Key Generation Failed with brainpoolp256r1

[luginbash]

~$ gpg --card-status

Reader ...........: Ledger Token [Nano S] (0001) 00 00
Application ID ...: D2760001240103032C97D4F4DE9A0000
Version ..........: 3.3
Manufacturer .....: unknown
Serial number ....: D4F4DE9A
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: brainpoolP256r1 brainpoolP256r1 brainpoolP256r1
Max. PIN lengths .: 12 12 12
PIN retry counter : 3 0 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

~$ gpg-connect-agent
> genkey 1
S INQUIRE_MAXLEN 1024
INQUIRE KEYPARAM
ERR 67109141 IPC call has been cancelled <GPG Agent>
> scd genkey 1
ERR 100663404 Card error <SCD>
> scd genkey 2
ERR 100663404 Card error <SCD>
> scd genkey 3
ERR 100663404 Card error <SCD>

[luginbash]

but works with primefield 384. how strange.

> SCD SETATTR KEY-ATTR --force 1 19 brainpoolP384r1
OK
> SCD SETATTR KEY-ATTR --force 3 19 brainpoolP384r1
OK
> SCD SETATTR KEY-ATTR --force 2 18 brainpoolP384r1
OK
> SCD GENKEY 1
S KEY-CREATED-AT 1536223806
S KEY-DATA q 04216224CF3E281B6EAF1E8919B368CD8CF3327B44F9504E11E23A6476B9847752BA9D97FF8BD857AE676FF5AE5
9A8EDF62B0AA60FC8644DCE93F88BD254B20D451B3DC50000000000000000000000000000000000000000000000000000000000
S KEY-DATA curve 092B240303020801010B
S KEY-FPR 510F55725ADBB047BF157701FDD3EA046C099D32
OK
> /bye

[antonio-fr]

This really looks this is because of this issue: https://github.com/LedgerHQ/openpgp-card-app/issues/66

The applet is not following the standard for SETATTR KEY-ATTR, and it works when it shoudn't, so gnupg thinks this is OK, then when GENKEY, it reports a card error.

[cedelavergne-ledger]

Hi, These curves are considered not supported for the moment.