gnuk/NEWS

Gnuk NEWS - User visible changes

* Major changes in Gnuk 0.12

  Released 2011-05-1X, by NIIBE Yutaka

** Admin-less mode is supported.
The OpenPGP card specification assumes existence of a security officer
(admin), who has privilege to manage the card.  On the other hand,
many use cases of Gnuk are admin == user.

Thus, Gnuk now supports "admin-less" mode.  In this mode, user can get
privilege with the password of PW1.

At the initialization of the card, Gnuk becomes compatible mode by
setting PW3.  Without setting PW3, it becomes "admin-less" mode
by setting PW1.

** Important two bug fixes.
Gnuk (<= 0.11) had a bug which makes possible for attacker to guess
admin password easily.  When admin password is not set (the default
value of factory setting), failure of VERIFY doesn't increment error
counter in older versions.  Observing no increment of error counter,
attacker could know that admin password is the one of factory setting.

Gnuk (<= 0.11) had a bug which makes possible for attacker to change
user password without knowing original password.

** tool/gnuk_put_binary.py now uses pyscard.
Instead of PyUSB, it uses Python binding of PC/SC.  PyUSB version is
still available as tool/gnuk_put_binary_libusb.py.

** Logo for Gnuk is updated.

** Gnuk Sticker SVG is available.


* Major changes in Gnuk 0.11

  Released 2011-04-15, by NIIBE Yutaka

This is bug fixes only release.


* Major changes in Gnuk 0.10

  Released 2011-02-10, by NIIBE Yutaka

** The executable can be installed to multiple devices.
So far, users of Gnuk should have not shared single executable among
multiple devices because the executable includes random bits (or
fixed serial number).  Now, random_bits and fixed serial number are
configured *after* compilation, we can install single executable image
to multiple devices.  Note that we need to configure random_bits for
each device.

** Removed configure option: --with-fixed-serial
It is not compile time option any more.  After installation, we can
modify serial number in AID by tool/gnuk_put_binary.py.  Modification
is possible only once.  If you don't modify, Gnuk uses unique chip ID
of STM32 processor for AID.


* Major changes in Gnuk 0.9

  Released 2011-02-01, by NIIBE Yutaka

** Card Holder Certificate is supported (still this is experimental).
Gnuk can support card holder certificate now.  Note that GnuPG is not
ready yet.  The tool/gnuk_update_binary.py is for writing card holder
certificate to Gnuk Token.

** Better interoperability to OpenSC.
Gnuk is not yet supported by OpenSC, but it could be.  With the
changes in Gnuk, it could be relatively easily possible to support
Gnuk Token by OpenSC with a few changes to libopensc/card-openpgp.c,
and libopensc/pkcs15-openpgp.c.

** New board support "STBee"
STBee is a board by Strawberry Linux Co., Ltd., and it has
STM32F103VET6 on the board.  The chip is High Density CPU with 512KB
flash memory and many I/O.  If you want to connect sensor, display,
etc., this board would be a good candidate.

** Experimental PIN-pad modification(unblock) support is added.
PIN-pad modification(unblock) is supported.


* Major changes in Gnuk 0.8

  Released 2011-01-19, by NIIBE Yutaka

** Experimental PIN-pad modification support is added.
PIN input using rotally encoder and push switch is tested with STBee
Mini.  By this hardware, PIN-pad modification is supported.


* Major changes in Gnuk 0.7

  Released 2011-01-15, by NIIBE Yutaka

** Bug fix only.
In version 0.6, a severe bug was introduced in usb-icc.c when adding a
work around for libccid 1.3.11.  The fix is one-liner, but it is worth
to release newer version.


* Major changes in Gnuk 0.6

  Released 2011-01-14, by NIIBE Yutaka

** Experimental PIN-pad support is added.
Local PIN-pad input is suppored for boards which have input hardware.
PIN input using consumer IR receive module is tested with STBee Mini
and STM8S Discovery.

** USB device serial number is virtually unique now.
STM32F103 has 96-bit unique chip identifier.  We take advantage of
this, Gnuk Token has virtually unique USB serial number.

** Card serial number is determined at run time by chip identifier.
Until version 0.5, card serial number was compile time option.  If we
used same binary for different devices, card serial number was same.
Now, we use STM32F103's 96-bit unique chip identifier for card serial
number (when you don't use --with-fixed-serial option).

** More improved USB-CCID/ICCD implementation.
The changes in 0.5 was not that good for libccid 1.3.11, which has
small buffer (only 262-byte APDU).  Workaround for libccid 1.3.11 is
implemented.


* Major changes in Gnuk 0.5

  Released 2010-12-13, by NIIBE Yutaka

** LED blink
LED blink now shows status output of the card.  It shows the status of
CHV3, CHV2, and CHV1 when GPG is accessing the card.

** New board support "STM8S Discovery"
ST-Link part (with STM32F103C8T6) of STM8S Discovery board is now supported.

** Digital signing for SHA224/SHA256/SHA384/SHA512 digestInfo is now possible.

** Fixes for password management
Now, you can allow the token to do digital signing multiple times with
single authentication.  You can use "forcesig" subcommand in card-edit
of GnuPG to enable the feature.

** Key management changes
If you remove all keys, it is possible to import keys again.

** More improved USB-CCID/ICCD implementation.
Gnuk works better with GPG's in-stock protocol stack.  You can do
digital signing (not decryption, key import, or get_public_key in
GPG2).  For decryption, key import and get_public_key, changes are
needed for GPG (scd/ccid-driver.c) to support the case of extended
APDU.  In short, you can sign with Gnuk by GPG.

** Windows support.
Gnuk Token could run with GPG4WIN on MS Windows.  GPG4WIN runs with
"usbccid" driver and "winscard" driver.


* Major changes in Gnuk 0.4

  Released 2010-11-09, by NIIBE Yutaka

** New board support "STBee Mini".

** Flash writing tool for "DfuSe" is included now.

** Since Flash GC is now implemented, it can be used longer.


* Major changes in Gnuk 0.3

  Released 2010-10-23, by NIIBE Yutaka

** Now we have 'configure' script to select target.

** Support system with DFU (Device Firmware Upgrade) downloader.

** New board support "CQ STARM".

** Improved USB-ICCD implementation.  Works fine with GPG's protocol stack.


* Major changes in Gnuk 0.2

  Released 2010-09-13, by NIIBE Yutaka

** With DEBUG=1, timeout is more than 3 seconds.

** Flash ROM entries for random numbers are cleared after use. 

** Board support "STM32 Primer 2" now works.
 

* Major changes in Gnuk 0.1

  Released 2010-09-10, by NIIBE Yutaka

** Enabled force_chv1 (in the pw_status_bytes), so that the decipher works.

** Support both of key for digital signing and key for decryption.

** Decipher is supported.

** New board support "STM32 Primer 2" is added by Kaz Kojima.

** LED behavior is meaningful now.  "ON" during execution.

** Fixed bcdCCID revision number.

** Logo.


* Major changes in Gnuk 0.0

  Released 2010-09-06, by NIIBE Yutaka

** This is initial release.  Only it supports digital signing.

Local Variables:
mode: outline
End:
STM32 Primer 2 support. 2010-09-09 00:51:09 +00:00			`Gnuk NEWS - User visible changes`

update NEWS and README 2011-05-11 07:48:08 +00:00			`* Major changes in Gnuk 0.12`

			`Released 2011-05-1X, by NIIBE Yutaka`

			`** Admin-less mode is supported.`
pw err counter fix 2011-05-11 23:42:57 +00:00			`The OpenPGP card specification assumes existence of a security officer`
			`(admin), who has privilege to manage the card. On the other hand,`
update NEWS and README 2011-05-11 07:48:08 +00:00			`many use cases of Gnuk are admin == user.`

			`Thus, Gnuk now supports "admin-less" mode. In this mode, user can get`
			`privilege with the password of PW1.`

			`At the initialization of the card, Gnuk becomes compatible mode by`
			`setting PW3. Without setting PW3, it becomes "admin-less" mode`
			`by setting PW1.`

buf fix of password change 2011-05-12 02:04:14 +00:00			`** Important two bug fixes.`
			`Gnuk (<= 0.11) had a bug which makes possible for attacker to guess`
pw err counter fix 2011-05-11 23:42:57 +00:00			`admin password easily. When admin password is not set (the default`
			`value of factory setting), failure of VERIFY doesn't increment error`
			`counter in older versions. Observing no increment of error counter,`
			`attacker could know that admin password is the one of factory setting.`
update NEWS and README 2011-05-11 07:48:08 +00:00
buf fix of password change 2011-05-12 02:04:14 +00:00			`Gnuk (<= 0.11) had a bug which makes possible for attacker to change`
			`user password without knowing original password.`

update NEWS and README 2011-05-11 07:48:08 +00:00			`** tool/gnuk_put_binary.py now uses pyscard.`
			`Instead of PyUSB, it uses Python binding of PC/SC. PyUSB version is`
			`still available as tool/gnuk_put_binary_libusb.py.`

			`** Logo for Gnuk is updated.`

			`** Gnuk Sticker SVG is available.`


added missing entry of 0.11 2011-05-10 00:30:55 +00:00			`* Major changes in Gnuk 0.11`

			`Released 2011-04-15, by NIIBE Yutaka`

			`This is bug fixes only release.`


Version 0.10 2011-02-10 04:57:23 +00:00			`* Major changes in Gnuk 0.10`

			`Released 2011-02-10, by NIIBE Yutaka`

			`** The executable can be installed to multiple devices.`
			`So far, users of Gnuk should have not shared single executable among`
			`multiple devices because the executable includes random bits (or`
			`fixed serial number). Now, random_bits and fixed serial number are`
			`configured after compilation, we can install single executable image`
			`to multiple devices. Note that we need to configure random_bits for`
			`each device.`

			`** Removed configure option: --with-fixed-serial`
			`It is not compile time option any more. After installation, we can`
			`modify serial number in AID by tool/gnuk_put_binary.py. Modification`
			`is possible only once. If you don't modify, Gnuk uses unique chip ID`
			`of STM32 processor for AID.`


STBEE support 2011-01-26 02:30:01 +00:00			`* Major changes in Gnuk 0.9`

version 0.9 2011-02-01 06:25:36 +00:00			`Released 2011-02-01, by NIIBE Yutaka`
STBEE support 2011-01-26 02:30:01 +00:00
version 0.9 2011-02-01 06:25:36 +00:00			`** Card Holder Certificate is supported (still this is experimental).`
			`Gnuk can support card holder certificate now. Note that GnuPG is not`
			`ready yet. The tool/gnuk_update_binary.py is for writing card holder`
			`certificate to Gnuk Token.`
card holder certificate support 2011-01-27 09:17:01 +00:00
STBEE support 2011-01-26 02:30:01 +00:00			`** Better interoperability to OpenSC.`
some cosmetic changes 2011-01-27 06:09:59 +00:00			`Gnuk is not yet supported by OpenSC, but it could be. With the`
STBEE support 2011-01-26 02:30:01 +00:00			`changes in Gnuk, it could be relatively easily possible to support`
			`Gnuk Token by OpenSC with a few changes to libopensc/card-openpgp.c,`
unblock with pinpad 2011-01-27 01:02:46 +00:00			`and libopensc/pkcs15-openpgp.c.`
STBEE support 2011-01-26 02:30:01 +00:00
Version 0.10 2011-02-10 04:57:23 +00:00			`** New board support "STBee"`
			`STBee is a board by Strawberry Linux Co., Ltd., and it has`
STBEE support 2011-01-26 02:30:01 +00:00			`STM32F103VET6 on the board. The chip is High Density CPU with 512KB`
			`flash memory and many I/O. If you want to connect sensor, display,`
unblock with pinpad 2011-01-27 01:02:46 +00:00			`etc., this board would be a good candidate.`

			`** Experimental PIN-pad modification(unblock) support is added.`
			`PIN-pad modification(unblock) is supported.`
STBEE support 2011-01-26 02:30:01 +00:00

version 0.8 2011-01-19 06:44:37 +00:00			`* Major changes in Gnuk 0.8`

			`Released 2011-01-19, by NIIBE Yutaka`

			`** Experimental PIN-pad modification support is added.`
			`PIN input using rotally encoder and push switch is tested with STBee`
			`Mini. By this hardware, PIN-pad modification is supported.`


version 0.7 2011-01-15 12:49:17 +00:00			`* Major changes in Gnuk 0.7`

			`Released 2011-01-15, by NIIBE Yutaka`

			`** Bug fix only.`
			`In version 0.6, a severe bug was introduced in usb-icc.c when adding a`
			`work around for libccid 1.3.11. The fix is one-liner, but it is worth`
			`to release newer version.`


version 0.6 2011-01-14 06:47:15 +00:00			`* Major changes in Gnuk 0.6`

			`Released 2011-01-14, by NIIBE Yutaka`

			`** Experimental PIN-pad support is added.`
			`Local PIN-pad input is suppored for boards which have input hardware.`
			`PIN input using consumer IR receive module is tested with STBee Mini`
			`and STM8S Discovery.`

			`** USB device serial number is virtually unique now.`
			`STM32F103 has 96-bit unique chip identifier. We take advantage of`
			`this, Gnuk Token has virtually unique USB serial number.`

			`** Card serial number is determined at run time by chip identifier.`
			`Until version 0.5, card serial number was compile time option. If we`
			`used same binary for different devices, card serial number was same.`
			`Now, we use STM32F103's 96-bit unique chip identifier for card serial`
			`number (when you don't use --with-fixed-serial option).`

			`** More improved USB-CCID/ICCD implementation.`
			`The changes in 0.5 was not that good for libccid 1.3.11, which has`
			`small buffer (only 262-byte APDU). Workaround for libccid 1.3.11 is`
			`implemented.`


try to remove newlib dependency 2010-11-29 23:40:01 +00:00			`* Major changes in Gnuk 0.5`

version 0.5 2010-12-12 23:51:48 +00:00			`Released 2010-12-13, by NIIBE Yutaka`
try to remove newlib dependency 2010-11-29 23:40:01 +00:00
LED blink 2010-12-09 01:12:54 +00:00			`** LED blink`
works better on windows 2010-12-10 07:31:25 +00:00			`LED blink now shows status output of the card. It shows the status of`
LED blink 2010-12-09 01:12:54 +00:00			`CHV3, CHV2, and CHV1 when GPG is accessing the card.`

			`** New board support "STM8S Discovery"`
try to remove newlib dependency 2010-11-29 23:40:01 +00:00			`ST-Link part (with STM32F103C8T6) of STM8S Discovery board is now supported.`

			`** Digital signing for SHA224/SHA256/SHA384/SHA512 digestInfo is now possible.`

LED blink 2010-12-09 01:12:54 +00:00			`** Fixes for password management`
version 0.5 2010-12-12 23:51:48 +00:00			`Now, you can allow the token to do digital signing multiple times with`
LED blink 2010-12-09 01:12:54 +00:00			`single authentication. You can use "forcesig" subcommand in card-edit`
			`of GnuPG to enable the feature.`
new password management 2010-11-30 01:04:30 +00:00
more fix 2010-12-07 06:52:50 +00:00			`** Key management changes`
			`If you remove all keys, it is possible to import keys again.`

try to remove newlib dependency 2010-11-29 23:40:01 +00:00			`** More improved USB-CCID/ICCD implementation.`
more fix 2010-12-07 06:52:50 +00:00			`Gnuk works better with GPG's in-stock protocol stack. You can do`
			`digital signing (not decryption, key import, or get_public_key in`
			`GPG2). For decryption, key import and get_public_key, changes are`
			`needed for GPG (scd/ccid-driver.c) to support the case of extended`
version 0.5 2010-12-12 23:51:48 +00:00			`APDU. In short, you can sign with Gnuk by GPG.`
try to remove newlib dependency 2010-11-29 23:40:01 +00:00
works better on windows 2010-12-10 07:31:25 +00:00			`** Windows support.`
version 0.5 2010-12-12 23:51:48 +00:00			`Gnuk Token could run with GPG4WIN on MS Windows. GPG4WIN runs with`
			`"usbccid" driver and "winscard" driver.`
works better on windows 2010-12-10 07:31:25 +00:00
try to remove newlib dependency 2010-11-29 23:40:01 +00:00
doc changes 2010-11-02 03:37:13 +00:00			`* Major changes in Gnuk 0.4`

version 0.4 2010-11-09 05:32:41 +00:00			`Released 2010-11-09, by NIIBE Yutaka`

			`** New board support "STBee Mini".`
doc changes 2010-11-02 03:37:13 +00:00
			`** Flash writing tool for "DfuSe" is included now.`

version 0.4 2010-11-09 05:32:41 +00:00			`** Since Flash GC is now implemented, it can be used longer.`

doc changes 2010-11-02 03:37:13 +00:00
Added configure and DFU support. 2010-10-14 08:08:09 +00:00			`* Major changes in Gnuk 0.3`

doc changes 2010-11-02 03:37:13 +00:00			`Released 2010-10-23, by NIIBE Yutaka`
Added configure and DFU support. 2010-10-14 08:08:09 +00:00
			`** Now we have 'configure' script to select target.`

			`** Support system with DFU (Device Firmware Upgrade) downloader.`

Changes for CQ STARM. 2010-10-20 01:20:45 +00:00			`** New board support "CQ STARM".`

Added configure and DFU support. 2010-10-14 08:08:09 +00:00			`** Improved USB-ICCD implementation. Works fine with GPG's protocol stack.`


fixes and enhancements 2010-09-09 16:25:44 +00:00			`* Major changes in Gnuk 0.2`

version 0.2 2010-09-13 02:47:21 +00:00			`Released 2010-09-13, by NIIBE Yutaka`
fixes and enhancements 2010-09-09 16:25:44 +00:00
			`** With DEBUG=1, timeout is more than 3 seconds.`

			`** Flash ROM entries for random numbers are cleared after use.`

version 0.2 2010-09-13 02:47:21 +00:00			`** Board support "STM32 Primer 2" now works.`

fixes and enhancements 2010-09-09 16:25:44 +00:00
STM32 Primer 2 support. 2010-09-09 00:51:09 +00:00			`* Major changes in Gnuk 0.1`

Release 0.1. 2010-09-09 08:50:34 +00:00			`Released 2010-09-10, by NIIBE Yutaka`

			`** Enabled force_chv1 (in the pw_status_bytes), so that the decipher works.`

			`** Support both of key for digital signing and key for decryption.`

			`** Decipher is supported.`
STM32 Primer 2 support. 2010-09-09 00:51:09 +00:00
version 0.2 2010-09-13 02:47:21 +00:00			`** New board support "STM32 Primer 2" is added by Kaz Kojima.`
STM32 Primer 2 support. 2010-09-09 00:51:09 +00:00
Release 0.1. 2010-09-09 08:50:34 +00:00			`** LED behavior is meaningful now. "ON" during execution.`
STM32 Primer 2 support. 2010-09-09 00:51:09 +00:00
			`** Fixed bcdCCID revision number.`

			`** Logo.`


			`* Major changes in Gnuk 0.0`

			`Released 2010-09-06, by NIIBE Yutaka`

			`** This is initial release. Only it supports digital signing.`

			`Local Variables:`
			`mode: outline`
			`End:`