mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 02:40:08 +00:00
version 1.1.5
parent
3926f42647
commit
2471616f74
13
ChangeLog
@ -1,3 +1,16 @@
|
|||||||
|
2015-06-03 Niibe Yutaka <gniibe@fsij.org>
|
||||||
|
|
||||||
|
* VERSION: 1.1.5.
|
||||||
|
|
||||||
|
* test/ecc_nistp256_keys.py: New.
|
||||||
|
|
||||||
|
* tool/upgrade_by_passwd.py: Remove -p option and add -f option.
|
||||||
|
|
||||||
|
* tool/gnuk_token.py (gnuk_token.download): Add verbose flag.
|
||||||
|
(regnual.download): Ditto.
|
||||||
|
|
||||||
|
* tool/gnuk_upgrade.py: Use gnuk_token module.
|
||||||
|
|
||||||
2015-06-02 Niibe Yutaka <gniibe@fsij.org>
|
2015-06-02 Niibe Yutaka <gniibe@fsij.org>
|
||||||
|
|
||||||
* src/openpgp.c (cmd_pso): Support OpenPGPcard spec v3.0.
|
* src/openpgp.c (cmd_pso): Support OpenPGPcard spec v3.0.
|
||||||
|
21
NEWS
@ -1,5 +1,26 @@
|
|||||||
Gnuk NEWS - User visible changes
|
Gnuk NEWS - User visible changes
|
||||||
|
|
||||||
|
* Major changes in Gnuk 1.1.5
|
||||||
|
|
||||||
|
Released 2015-06-03, by NIIBE Yutaka
|
||||||
|
|
||||||
|
** upgrade_by_passwd.py is not so noisy any more.
|
||||||
|
Since it's getting stable, no debug output any more.
|
||||||
|
|
||||||
|
** Maple mini support.
|
||||||
|
Although it's random number generation is not tested, Maple mini
|
||||||
|
support is added.
|
||||||
|
|
||||||
|
** Windows interoperability fix.
|
||||||
|
1.1.x (0 to 4) didn't work with Windows because of INTERRUPT transfer.
|
||||||
|
It's fixed and it works now.
|
||||||
|
|
||||||
|
** OpenPGPcard specification v3.0 compatibility.
|
||||||
|
OpenPGPcard specification v3.0 now include NIST curves (and other
|
||||||
|
curves) and ECDSA and ECDH operations are defined. Gnuk follows
|
||||||
|
this specification.
|
||||||
|
|
||||||
|
|
||||||
* Major changes in Gnuk 1.1.4
|
* Major changes in Gnuk 1.1.4
|
||||||
|
|
||||||
Released 2014-12-15, by NIIBE Yutaka
|
Released 2014-12-15, by NIIBE Yutaka
|
||||||
|
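Review bot: The Maple mini entry announces a new target for a cryptographic token while saying, in a subordinate clause, that its random number generation is not tested; that caveat needs to be more prominent. Suggest marking the target as experimental in this entry and saying what users should avoid until the RNG is tested (for example on-device key generation). In the same hunk, "it's random number generation" should read "its", "now include" should read "now includes", and the ChangeLog's "Remove -p option and add -f option" for upgrade_by_passwd.py is a user-visible change that this list does not mention.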
8
README
@ -1,14 +1,14 @@
|
|||||||
Gnuk - An Implementation of USB Cryptographic Token for GnuPG
|
Gnuk - An Implementation of USB Cryptographic Token for GnuPG
|
||||||
|
|
||||||
Version 1.1.4
|
Version 1.1.5
|
||||||
2014-12-15
|
2015-06-03
|
||||||
Niibe Yutaka
|
Niibe Yutaka
|
||||||
Free Software Initiative of Japan
|
Free Software Initiative of Japan
|
||||||
|
|
||||||
Warning
|
Warning
|
||||||
=======
|
=======
|
||||||
|
|
||||||
This is another experimental release of Gnuk, version 1.1.4, which has
|
This is another experimental release of Gnuk, version 1.1.5, which has
|
||||||
incompatible changes to Gnuk 1.0.x. Specifically, it now supports
|
incompatible changes to Gnuk 1.0.x. Specifically, it now supports
|
||||||
overriding key import, but importing keys (or generating keys) results
|
overriding key import, but importing keys (or generating keys) results
|
||||||
password reset. Please update your documentation for Gnuk Token, so
|
password reset. Please update your documentation for Gnuk Token, so
|
||||||
@ -25,7 +25,7 @@ What's Gnuk?
|
|||||||
============
|
============
|
||||||
|
|
||||||
Gnuk is an implementation of USB cryptographic token for GNU Privacy
|
Gnuk is an implementation of USB cryptographic token for GNU Privacy
|
||||||
Guard. Gnuk supports OpenPGP card protocol version 2, and it runs on
|
Guard. Gnuk supports OpenPGP card protocol version 3, and it runs on
|
||||||
STM32F103 processor.
|
STM32F103 processor.
|
||||||
|
|
||||||
I wish that Gnuk will be a developer's soother who uses GnuPG. I have
|
I wish that Gnuk will be a developer's soother who uses GnuPG. I have
|
||||||
|
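Review bot: "OpenPGP card protocol version 3" in the What's Gnuk? paragraph is worded differently from the NEWS and ChangeLog text in this same commit, which both say "OpenPGPcard specification v3.0" (or "spec v3.0"). Suggest using one form throughout, so that a reader checking compatibility can tell that the README and NEWS refer to the same document.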
1
THANKS
@ -8,6 +8,7 @@ encouraging the development, testing the implementation, suggesting
|
|||||||
improvements, or fixing bugs. Here is a list of those people.
|
improvements, or fixing bugs. Here is a list of those people.
|
||||||
|
|
||||||
Achim Pietig achim@pietig.com
|
Achim Pietig achim@pietig.com
|
||||||
|
Aidan Thornton
|
||||||
Andre Zepezauer andre.zepezauer@student.uni-halle.de
|
Andre Zepezauer andre.zepezauer@student.uni-halle.de
|
||||||
Hironobu SUZUKI hironobu@h2np.net
|
Hironobu SUZUKI hironobu@h2np.net
|
||||||
Jan Suhr jan@suhr.info
|
Jan Suhr jan@suhr.info
|
||||||
|
@ -5,174 +5,14 @@ Key import from PC to Gnuk Token (no removal)
|
|||||||
This document describes how I put my **keys on PC** to the Token
|
This document describes how I put my **keys on PC** to the Token
|
||||||
without removing keys from PC.
|
without removing keys from PC.
|
||||||
|
|
||||||
The difference is just not-to-save changes after key imports.
|
The difference is only the last step.
|
||||||
|
I don't save changes on PC after keytocard.
|
||||||
|
|
||||||
After personalization, I put my keys into the Token.
|
For the steps before the last step, please see `keytocard with removing keys on PC`_.
|
||||||
|
|
||||||
Here is the log.
|
.. _keytocard removing keys: gnuk-keytocard
|
||||||
|
|
||||||
I invoke GnuPG with my key (4ca7babe) and with ``--homedir`` option
|
Here is the session log of the last step.
|
||||||
to specify the directory which contains my secret keys. ::
|
|
||||||
|
|
||||||
$ gpg --homedir=/home/gniibe/tmp/gnuk-testing-dir --edit-key 4ca7babe
|
|
||||||
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
|
|
||||||
This is free software: you are free to change and redistribute it.
|
|
||||||
There is NO WARRANTY, to the extent permitted by law.
|
|
||||||
|
|
||||||
Secret key is available.
|
|
||||||
|
|
||||||
pub 2048R/4CA7BABE created: 2010-10-15 expires: never usage: SC
|
|
||||||
trust: ultimate validity: ultimate
|
|
||||||
sub 2048R/084239CF created: 2010-10-15 expires: never usage: E
|
|
||||||
sub 2048R/5BB065DC created: 2010-10-22 expires: never usage: A
|
|
||||||
[ultimate] (1). NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
|
|
||||||
Then, GnuPG enters its own command interaction mode. The prompt is ``gpg>``.
|
|
||||||
To enable ``keytocard`` command, I type ``toggle`` command. ::
|
|
||||||
|
|
||||||
gpg> toggle
|
|
||||||
|
|
||||||
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
|
|
||||||
ssb 2048R/084239CF created: 2010-10-15 expires: never
|
|
||||||
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
|
|
||||||
(1) NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
Firstly, I import my primary key into Gnuk Token.
|
|
||||||
I type ``keytocard`` command, answer ``y`` to confirm keyimport,
|
|
||||||
and type ``1`` to say it's signature key. ::
|
|
||||||
|
|
||||||
gpg> keytocard
|
|
||||||
Really move the primary key? (y/N) y
|
|
||||||
Signature key ....: [none]
|
|
||||||
Encryption key....: [none]
|
|
||||||
Authentication key: [none]
|
|
||||||
|
|
||||||
Please select where to store the key:
|
|
||||||
(1) Signature key
|
|
||||||
(3) Authentication key
|
|
||||||
Your selection? 1
|
|
||||||
|
|
||||||
Then, GnuPG asks two passwords. One is the passphrase of **keys on PC**
|
|
||||||
and another is the password of **Gnuk Token**. Note that the password of
|
|
||||||
the token and the password of the keys on PC are different things,
|
|
||||||
although they can be same.
|
|
||||||
|
|
||||||
Here, I assume that Gnuk Token's admin password of factory setting (12345678).
|
|
||||||
|
|
||||||
I enter these passwords. ::
|
|
||||||
|
|
||||||
You need a passphrase to unlock the secret key for
|
|
||||||
user: "NIIBE Yutaka <gniibe@fsij.org>"
|
|
||||||
2048-bit RSA key, ID 4CA7BABE, created 2010-10-15
|
|
||||||
<PASSWORD-KEY-4CA7BABE>
|
|
||||||
gpg: writing new key
|
|
||||||
gpg: 3 Admin PIN attempts remaining before card is permanently locked
|
|
||||||
|
|
||||||
Please enter the Admin PIN
|
|
||||||
Enter Admin PIN: 12345678
|
|
||||||
|
|
||||||
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb 2048R/084239CF created: 2010-10-15 expires: never
|
|
||||||
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
|
|
||||||
(1) NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
The primary key is now on the Token and GnuPG says its card-no (F517 00000001),
|
|
||||||
where F517 is the vendor ID of FSIJ.
|
|
||||||
|
|
||||||
Secondly, I import my subkey of encryption. I select key number '1'. ::
|
|
||||||
|
|
||||||
gpg> key 1
|
|
||||||
|
|
||||||
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb* 2048R/084239CF created: 2010-10-15 expires: never
|
|
||||||
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
|
|
||||||
(1) NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
You can see that the subkey is marked by '*'.
|
|
||||||
I type ``keytocard`` command to import this subkey to Gnuk Token.
|
|
||||||
I select ``2`` as it's encryption key. ::
|
|
||||||
|
|
||||||
gpg> keytocard
|
|
||||||
Signature key ....: [none]
|
|
||||||
Encryption key....: [none]
|
|
||||||
Authentication key: [none]
|
|
||||||
|
|
||||||
Please select where to store the key:
|
|
||||||
(2) Encryption key
|
|
||||||
Your selection? 2
|
|
||||||
|
|
||||||
Then, GnuPG asks the passphrase of **keys on PC** again. I enter. ::
|
|
||||||
|
|
||||||
You need a passphrase to unlock the secret key for
|
|
||||||
user: "NIIBE Yutaka <gniibe@fsij.org>"
|
|
||||||
2048-bit RSA key, ID 084239CF, created 2010-10-15
|
|
||||||
<PASSWORD-KEY-4CA7BABE>
|
|
||||||
gpg: writing new key
|
|
||||||
|
|
||||||
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb* 2048R/084239CF created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
|
|
||||||
(1) NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
The sub key is now on the Token and GnuPG says its card-no for it.
|
|
||||||
|
|
||||||
I type ``key 1`` to deselect key number '1'. ::
|
|
||||||
|
|
||||||
gpg> key 1
|
|
||||||
|
|
||||||
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb 2048R/084239CF created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
|
|
||||||
(1) NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
Thirdly, I select sub key of authentication which has key number '2'. ::
|
|
||||||
|
|
||||||
gpg> key 2
|
|
||||||
|
|
||||||
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb 2048R/084239CF created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb* 2048R/5BB065DC created: 2010-10-22 expires: never
|
|
||||||
(1) NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
You can see that the subkey number '2' is marked by '*'.
|
|
||||||
I type ``keytocard`` command to import this subkey to Gnuk Token.
|
|
||||||
I select ``3`` as it's authentication key. ::
|
|
||||||
|
|
||||||
gpg> keytocard
|
|
||||||
Signature key ....: [none]
|
|
||||||
Encryption key....: [none]
|
|
||||||
Authentication key: [none]
|
|
||||||
|
|
||||||
Please select where to store the key:
|
|
||||||
(3) Authentication key
|
|
||||||
Your selection? 3
|
|
||||||
|
|
||||||
Then, GnuPG asks the passphrase of **keys on PC** again. I enter. ::
|
|
||||||
|
|
||||||
You need a passphrase to unlock the secret key for
|
|
||||||
user: "NIIBE Yutaka <gniibe@fsij.org>"
|
|
||||||
2048-bit RSA key, ID 5BB065DC, created 2010-10-22
|
|
||||||
<PASSWORD-KEY-4CA7BABE>
|
|
||||||
gpg: writing new key
|
|
||||||
|
|
||||||
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb 2048R/084239CF created: 2010-10-15 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
ssb* 2048R/5BB065DC created: 2010-10-22 expires: never
|
|
||||||
card-no: F517 00000001
|
|
||||||
(1) NIIBE Yutaka <gniibe@fsij.org>
|
|
||||||
|
|
||||||
The sub key is now on the Token and GnuPG says its card-no for it.
|
|
||||||
|
|
||||||
Lastly, I quit GnuPG. Note that I **don't** save changes. ::
|
Lastly, I quit GnuPG. Note that I **don't** save changes. ::
|
||||||
|
|
||||||
|
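Review bot: The reference `keytocard with removing keys on PC`_ in the new text has no matching target: the target added two lines later is named "keytocard removing keys", so the link will not resolve when the document is built. Make the two names identical, for example by writing the target as `.. _keytocard with removing keys on PC: gnuk-keytocard`. With 160 lines of walkthrough removed, that link is the only route to the earlier steps, so it is worth building the document once to confirm it resolves.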
@ -22,7 +22,7 @@ See `another document`_ to import keys to the Token from copied directory.
|
|||||||
|
|
||||||
After personalization, I put my keys into the Token.
|
After personalization, I put my keys into the Token.
|
||||||
|
|
||||||
Here is the log.
|
Here is the session log.
|
||||||
|
|
||||||
I invoke GnuPG with my key (4ca7babe). ::
|
I invoke GnuPG with my key (4ca7babe). ::
|
||||||
|
|
||||||
|
@ -615,9 +615,9 @@ def get_gnuk_device():
|
|||||||
for (dev, config, intf) in gnuk_devices():
|
for (dev, config, intf) in gnuk_devices():
|
||||||
try:
|
try:
|
||||||
icc = gnuk_token(dev, config, intf)
|
icc = gnuk_token(dev, config, intf)
|
||||||
print("Device: ", dev.filename)
|
print("Device: %s" % dev.filename)
|
||||||
print("Configuration: ", config.value)
|
print("Configuration: %d" % config.value)
|
||||||
print("Interface: ", intf.interfaceNumber)
|
print("Interface: %d" % intf.interfaceNumber)
|
||||||
break
|
break
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
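Review bot: The three rewritten print calls in get_gnuk_device() sit inside the try whose handler is a bare "except: pass", and the switch to %d means they can now raise: if config.value or intf.interfaceNumber is not an integer, the TypeError is swallowed, the break is skipped and the loop silently moves on to the next device. Move the prints out of the try (after it, or into an else clause) and narrow the handler to the exception that gnuk_token(dev, config, intf) is expected to raise.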
@ -74,7 +74,7 @@ def main(keyno, passwd, data_regnual, data_upgrade):
|
|||||||
for dev in gnuk_devices_by_vidpid():
|
for dev in gnuk_devices_by_vidpid():
|
||||||
try:
|
try:
|
||||||
reg = regnual(dev)
|
reg = regnual(dev)
|
||||||
print("Device: ", dev.filename)
|
print("Device: %s" % dev.filename)
|
||||||
break
|
break
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
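Review bot: As in get_gnuk_device(), the print in main() is formatted inside a try guarded by a bare "except: pass", so a failure in regnual(dev) or in the print itself is discarded without any message. In an upgrade tool the reason a device was skipped is what the operator needs to see; catch the specific exception and report it instead of passing, and keep the print outside the try.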