Some time ago there was some discussion about the fellowship smartcard
and 4096 bit keys. I understand that most of the recent cards that say
they support 3072 actually support 4096.
Debian 7 now includes gnupg v2.0.19, so it supports 4096 as well
The SPR532 pinpad card reader was recommended by Martin, I notice it is
superseded by the SPR332. However, the SPR332 is not on the supported
list here:
http://wiki.debian.org/Smartcards
and I also found comments suggesting that pinpad support used to be
problematic, but that was 2005:
http://lists.gnupg.org/pipermail/gnupg-users/2005-June/026082.html
and this email says it works, but doesn't specifically reference the pinpad:
http://lists.gnupg.org/pipermail/gnupg-users/2013-February/046054.html
and it's not clear whether that means it works just for GnuPG or
potentially for other applications too (e.g. Iceweasel/Firefox, Java)
I also had another look at the fellowship page:
http://fellowship.fsfe.org/card.html
and it mentions that the card supports three keys: but from what I've
read elsewhere, it appears to only support three 1024 bit keys, or just
one 4096 bit key. What does this mean in practice: can a single 4096
bit key be used for all purposes (signing, encryption and ssh) or is it
necessary to have three separate cards for each of those subkeys?