2010-09-09 00:51:09 +00:00
|
|
|
Gnuk NEWS - User visible changes
|
|
|
|
|
2011-11-01 06:58:48 +00:00
|
|
|
* Major changes in Gnuk 0.15
|
|
|
|
|
|
|
|
Released 2011-11-XX, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** Experimental PIN-pad support (by TV controller) change
|
|
|
|
Now, Gnuk has codetables for conversion from CIR code to ASCII code.
|
|
|
|
Note that only four controllers (of Dell, Sharp, Sony, and Toshiba)
|
|
|
|
are supported and tested.
|
|
|
|
|
|
|
|
** It is possible for users to keep using OPENPGP_CARD_INITIAL_PW1
|
|
|
|
With a bug fix of verify_user_0, it's now possible. Although it's not
|
|
|
|
recommended.
|
|
|
|
|
|
|
|
** Important bug fix and a workaround
|
|
|
|
In version 0.14, __main_stack_size__ (for interrupt handler) was too
|
|
|
|
small for some cases. This is fixed in 0.15.
|
|
|
|
|
|
|
|
In src/Makefile.in, added -mfix-cortex-m3-ldrd for correctly linking C
|
|
|
|
library for thumb2. This is needed for newer summon-arm-toolchain.
|
|
|
|
|
|
|
|
|
2011-10-07 02:01:21 +00:00
|
|
|
* Major changes in Gnuk 0.14
|
|
|
|
|
|
|
|
Released 2011-10-07, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** Random number generator change
|
|
|
|
NeuG, Gniibe's True RNG implementation for STM32F103, has been
|
|
|
|
integrated to Gnuk. It is not needed to put random number bytes
|
|
|
|
(generated by host) to Token any more.
|
|
|
|
|
|
|
|
|
2011-06-14 23:52:02 +00:00
|
|
|
* Major changes in Gnuk 0.13
|
|
|
|
|
|
|
|
Released 2011-06-15, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** Improved RSA routine.
|
|
|
|
About 20% speed improvement.
|
|
|
|
|
|
|
|
** New tool: hub_ctrl.
|
|
|
|
It is a Python implementation ported from original C implementation.
|
|
|
|
It is useful for development of USB target if you have a good hub.
|
|
|
|
You can power off/on the port to reset Gnuk Token.
|
|
|
|
|
|
|
|
|
2011-05-11 07:48:08 +00:00
|
|
|
* Major changes in Gnuk 0.12
|
|
|
|
|
2011-05-13 02:59:05 +00:00
|
|
|
Released 2011-05-13, by NIIBE Yutaka
|
2011-05-11 07:48:08 +00:00
|
|
|
|
|
|
|
** Admin-less mode is supported.
|
2011-05-11 23:42:57 +00:00
|
|
|
The OpenPGP card specification assumes existence of a security officer
|
|
|
|
(admin), who has privilege to manage the card. On the other hand,
|
2011-05-11 07:48:08 +00:00
|
|
|
many use cases of Gnuk are admin == user.
|
|
|
|
|
|
|
|
Thus, Gnuk now supports "admin-less" mode. In this mode, user can get
|
|
|
|
privilege with the password of PW1.
|
|
|
|
|
|
|
|
At the initialization of the card, Gnuk becomes compatible mode by
|
|
|
|
setting PW3. Without setting PW3, it becomes "admin-less" mode
|
|
|
|
by setting PW1.
|
|
|
|
|
2011-05-12 02:04:14 +00:00
|
|
|
** Important two bug fixes.
|
2011-05-13 02:59:05 +00:00
|
|
|
Gnuk (<= 0.11) has a bug which makes possible for attacker to change
|
|
|
|
user password to unknown state without knowing original password (when
|
|
|
|
no keys are loaded yet). No, attacker could not steal your identity
|
|
|
|
(cannot sign or decrypt), but it would be possible to disturb you.
|
2011-05-12 02:22:08 +00:00
|
|
|
|
2011-05-13 02:59:05 +00:00
|
|
|
Gnuk (<= 0.11) has a bug which makes possible for attacker to guess
|
2011-05-11 23:42:57 +00:00
|
|
|
admin password easily. When admin password is not set (the default
|
|
|
|
value of factory setting), failure of VERIFY doesn't increment error
|
|
|
|
counter in older versions. Observing no increment of error counter,
|
|
|
|
attacker could know that admin password is the one of factory setting.
|
2011-05-11 07:48:08 +00:00
|
|
|
|
|
|
|
** tool/gnuk_put_binary.py now uses pyscard.
|
|
|
|
Instead of PyUSB, it uses Python binding of PC/SC. PyUSB version is
|
|
|
|
still available as tool/gnuk_put_binary_libusb.py.
|
|
|
|
|
|
|
|
** Logo for Gnuk is updated.
|
|
|
|
|
|
|
|
** Gnuk Sticker SVG is available.
|
|
|
|
|
|
|
|
|
2011-05-10 00:30:55 +00:00
|
|
|
* Major changes in Gnuk 0.11
|
|
|
|
|
|
|
|
Released 2011-04-15, by NIIBE Yutaka
|
|
|
|
|
|
|
|
This is bug fixes only release.
|
|
|
|
|
|
|
|
|
2011-02-10 04:57:23 +00:00
|
|
|
* Major changes in Gnuk 0.10
|
|
|
|
|
|
|
|
Released 2011-02-10, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** The executable can be installed to multiple devices.
|
|
|
|
So far, users of Gnuk should have not shared single executable among
|
|
|
|
multiple devices because the executable includes random bits (or
|
|
|
|
fixed serial number). Now, random_bits and fixed serial number are
|
|
|
|
configured *after* compilation, we can install single executable image
|
|
|
|
to multiple devices. Note that we need to configure random_bits for
|
|
|
|
each device.
|
|
|
|
|
|
|
|
** Removed configure option: --with-fixed-serial
|
|
|
|
It is not compile time option any more. After installation, we can
|
|
|
|
modify serial number in AID by tool/gnuk_put_binary.py. Modification
|
|
|
|
is possible only once. If you don't modify, Gnuk uses unique chip ID
|
|
|
|
of STM32 processor for AID.
|
|
|
|
|
|
|
|
|
2011-01-26 02:30:01 +00:00
|
|
|
* Major changes in Gnuk 0.9
|
|
|
|
|
2011-02-01 06:25:36 +00:00
|
|
|
Released 2011-02-01, by NIIBE Yutaka
|
2011-01-26 02:30:01 +00:00
|
|
|
|
2011-02-01 06:25:36 +00:00
|
|
|
** Card Holder Certificate is supported (still this is experimental).
|
|
|
|
Gnuk can support card holder certificate now. Note that GnuPG is not
|
|
|
|
ready yet. The tool/gnuk_update_binary.py is for writing card holder
|
|
|
|
certificate to Gnuk Token.
|
2011-01-27 09:17:01 +00:00
|
|
|
|
2011-01-26 02:30:01 +00:00
|
|
|
** Better interoperability to OpenSC.
|
2011-01-27 06:09:59 +00:00
|
|
|
Gnuk is not yet supported by OpenSC, but it could be. With the
|
2011-01-26 02:30:01 +00:00
|
|
|
changes in Gnuk, it could be relatively easily possible to support
|
|
|
|
Gnuk Token by OpenSC with a few changes to libopensc/card-openpgp.c,
|
2011-01-27 01:02:46 +00:00
|
|
|
and libopensc/pkcs15-openpgp.c.
|
2011-01-26 02:30:01 +00:00
|
|
|
|
2011-02-10 04:57:23 +00:00
|
|
|
** New board support "STBee"
|
|
|
|
STBee is a board by Strawberry Linux Co., Ltd., and it has
|
2011-01-26 02:30:01 +00:00
|
|
|
STM32F103VET6 on the board. The chip is High Density CPU with 512KB
|
|
|
|
flash memory and many I/O. If you want to connect sensor, display,
|
2011-01-27 01:02:46 +00:00
|
|
|
etc., this board would be a good candidate.
|
|
|
|
|
|
|
|
** Experimental PIN-pad modification(unblock) support is added.
|
|
|
|
PIN-pad modification(unblock) is supported.
|
2011-01-26 02:30:01 +00:00
|
|
|
|
|
|
|
|
2011-01-19 06:44:37 +00:00
|
|
|
* Major changes in Gnuk 0.8
|
|
|
|
|
|
|
|
Released 2011-01-19, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** Experimental PIN-pad modification support is added.
|
|
|
|
PIN input using rotally encoder and push switch is tested with STBee
|
|
|
|
Mini. By this hardware, PIN-pad modification is supported.
|
|
|
|
|
|
|
|
|
2011-01-15 12:49:17 +00:00
|
|
|
* Major changes in Gnuk 0.7
|
|
|
|
|
|
|
|
Released 2011-01-15, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** Bug fix only.
|
|
|
|
In version 0.6, a severe bug was introduced in usb-icc.c when adding a
|
|
|
|
work around for libccid 1.3.11. The fix is one-liner, but it is worth
|
|
|
|
to release newer version.
|
|
|
|
|
|
|
|
|
2011-01-14 06:47:15 +00:00
|
|
|
* Major changes in Gnuk 0.6
|
|
|
|
|
|
|
|
Released 2011-01-14, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** Experimental PIN-pad support is added.
|
|
|
|
Local PIN-pad input is suppored for boards which have input hardware.
|
|
|
|
PIN input using consumer IR receive module is tested with STBee Mini
|
|
|
|
and STM8S Discovery.
|
|
|
|
|
|
|
|
** USB device serial number is virtually unique now.
|
|
|
|
STM32F103 has 96-bit unique chip identifier. We take advantage of
|
|
|
|
this, Gnuk Token has virtually unique USB serial number.
|
|
|
|
|
|
|
|
** Card serial number is determined at run time by chip identifier.
|
|
|
|
Until version 0.5, card serial number was compile time option. If we
|
|
|
|
used same binary for different devices, card serial number was same.
|
|
|
|
Now, we use STM32F103's 96-bit unique chip identifier for card serial
|
|
|
|
number (when you don't use --with-fixed-serial option).
|
|
|
|
|
|
|
|
** More improved USB-CCID/ICCD implementation.
|
|
|
|
The changes in 0.5 was not that good for libccid 1.3.11, which has
|
|
|
|
small buffer (only 262-byte APDU). Workaround for libccid 1.3.11 is
|
|
|
|
implemented.
|
|
|
|
|
|
|
|
|
2010-11-29 23:40:01 +00:00
|
|
|
* Major changes in Gnuk 0.5
|
|
|
|
|
2010-12-12 23:51:48 +00:00
|
|
|
Released 2010-12-13, by NIIBE Yutaka
|
2010-11-29 23:40:01 +00:00
|
|
|
|
2010-12-09 01:12:54 +00:00
|
|
|
** LED blink
|
2010-12-10 07:31:25 +00:00
|
|
|
LED blink now shows status output of the card. It shows the status of
|
2010-12-09 01:12:54 +00:00
|
|
|
CHV3, CHV2, and CHV1 when GPG is accessing the card.
|
|
|
|
|
|
|
|
** New board support "STM8S Discovery"
|
2010-11-29 23:40:01 +00:00
|
|
|
ST-Link part (with STM32F103C8T6) of STM8S Discovery board is now supported.
|
|
|
|
|
|
|
|
** Digital signing for SHA224/SHA256/SHA384/SHA512 digestInfo is now possible.
|
|
|
|
|
2010-12-09 01:12:54 +00:00
|
|
|
** Fixes for password management
|
2010-12-12 23:51:48 +00:00
|
|
|
Now, you can allow the token to do digital signing multiple times with
|
2010-12-09 01:12:54 +00:00
|
|
|
single authentication. You can use "forcesig" subcommand in card-edit
|
|
|
|
of GnuPG to enable the feature.
|
2010-11-30 01:04:30 +00:00
|
|
|
|
2010-12-07 06:52:50 +00:00
|
|
|
** Key management changes
|
|
|
|
If you remove all keys, it is possible to import keys again.
|
|
|
|
|
2010-11-29 23:40:01 +00:00
|
|
|
** More improved USB-CCID/ICCD implementation.
|
2010-12-07 06:52:50 +00:00
|
|
|
Gnuk works better with GPG's in-stock protocol stack. You can do
|
|
|
|
digital signing (not decryption, key import, or get_public_key in
|
|
|
|
GPG2). For decryption, key import and get_public_key, changes are
|
|
|
|
needed for GPG (scd/ccid-driver.c) to support the case of extended
|
2010-12-12 23:51:48 +00:00
|
|
|
APDU. In short, you can sign with Gnuk by GPG.
|
2010-11-29 23:40:01 +00:00
|
|
|
|
2010-12-10 07:31:25 +00:00
|
|
|
** Windows support.
|
2010-12-12 23:51:48 +00:00
|
|
|
Gnuk Token could run with GPG4WIN on MS Windows. GPG4WIN runs with
|
|
|
|
"usbccid" driver and "winscard" driver.
|
2010-12-10 07:31:25 +00:00
|
|
|
|
2010-11-29 23:40:01 +00:00
|
|
|
|
2010-11-02 03:37:13 +00:00
|
|
|
* Major changes in Gnuk 0.4
|
|
|
|
|
2010-11-09 05:32:41 +00:00
|
|
|
Released 2010-11-09, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** New board support "STBee Mini".
|
2010-11-02 03:37:13 +00:00
|
|
|
|
|
|
|
** Flash writing tool for "DfuSe" is included now.
|
|
|
|
|
2010-11-09 05:32:41 +00:00
|
|
|
** Since Flash GC is now implemented, it can be used longer.
|
|
|
|
|
2010-11-02 03:37:13 +00:00
|
|
|
|
2010-10-14 08:08:09 +00:00
|
|
|
* Major changes in Gnuk 0.3
|
|
|
|
|
2010-11-02 03:37:13 +00:00
|
|
|
Released 2010-10-23, by NIIBE Yutaka
|
2010-10-14 08:08:09 +00:00
|
|
|
|
|
|
|
** Now we have 'configure' script to select target.
|
|
|
|
|
|
|
|
** Support system with DFU (Device Firmware Upgrade) downloader.
|
|
|
|
|
2010-10-20 01:20:45 +00:00
|
|
|
** New board support "CQ STARM".
|
|
|
|
|
2010-10-14 08:08:09 +00:00
|
|
|
** Improved USB-ICCD implementation. Works fine with GPG's protocol stack.
|
|
|
|
|
|
|
|
|
2010-09-09 16:25:44 +00:00
|
|
|
* Major changes in Gnuk 0.2
|
|
|
|
|
2010-09-13 02:47:21 +00:00
|
|
|
Released 2010-09-13, by NIIBE Yutaka
|
2010-09-09 16:25:44 +00:00
|
|
|
|
|
|
|
** With DEBUG=1, timeout is more than 3 seconds.
|
|
|
|
|
|
|
|
** Flash ROM entries for random numbers are cleared after use.
|
|
|
|
|
2010-09-13 02:47:21 +00:00
|
|
|
** Board support "STM32 Primer 2" now works.
|
|
|
|
|
2010-09-09 16:25:44 +00:00
|
|
|
|
2010-09-09 00:51:09 +00:00
|
|
|
* Major changes in Gnuk 0.1
|
|
|
|
|
2010-09-09 08:50:34 +00:00
|
|
|
Released 2010-09-10, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** Enabled force_chv1 (in the pw_status_bytes), so that the decipher works.
|
|
|
|
|
|
|
|
** Support both of key for digital signing and key for decryption.
|
|
|
|
|
|
|
|
** Decipher is supported.
|
2010-09-09 00:51:09 +00:00
|
|
|
|
2010-09-13 02:47:21 +00:00
|
|
|
** New board support "STM32 Primer 2" is added by Kaz Kojima.
|
2010-09-09 00:51:09 +00:00
|
|
|
|
2010-09-09 08:50:34 +00:00
|
|
|
** LED behavior is meaningful now. "ON" during execution.
|
2010-09-09 00:51:09 +00:00
|
|
|
|
|
|
|
** Fixed bcdCCID revision number.
|
|
|
|
|
|
|
|
** Logo.
|
|
|
|
|
|
|
|
|
|
|
|
* Major changes in Gnuk 0.0
|
|
|
|
|
|
|
|
Released 2010-09-06, by NIIBE Yutaka
|
|
|
|
|
|
|
|
** This is initial release. Only it supports digital signing.
|
|
|
|
|
|
|
|
Local Variables:
|
|
|
|
mode: outline
|
|
|
|
End:
|