version 1.1.5

NIIBE Yutaka 2015-06-03 16:34:27 +09:00
parent 3926f42647
commit 2471616f74
9 changed files with 50 additions and 175 deletions


@ -1,3 +1,16 @@
2015-06-03 Niibe Yutaka <gniibe@fsij.org>
* VERSION: 1.1.5.
* test/ecc_nistp256_keys.py: New.
* tool/upgrade_by_passwd.py: Remove -p option and add -f option.
* tool/gnuk_token.py (gnuk_token.download): Add verbose flag.
(regnual.download): Ditto.
* tool/gnuk_upgrade.py: Use gnuk_token module.
2015-06-02 Niibe Yutaka <gniibe@fsij.org> 2015-06-02 Niibe Yutaka <gniibe@fsij.org>
* src/openpgp.c (cmd_pso): Support OpenPGPcard spec v3.0. * src/openpgp.c (cmd_pso): Support OpenPGPcard spec v3.0.

NEWS

@ -1,5 +1,26 @@
Gnuk NEWS - User visible changes Gnuk NEWS - User visible changes
* Major changes in Gnuk 1.1.5
Released 2015-06-03, by NIIBE Yutaka
** upgrade_by_passwd.py is not so noisy any more.
Since it's getting stable, no debug output any more.
** Maple mini support.
Although it's random number generation is not tested, Maple mini
support is added.
** Windows interoperability fix.
1.1.x (0 to 4) didn't work with Windows because of INTERRUPT transfer.
It's fixed and it works now.
** OpenPGPcard specification v3.0 compatibility.
OpenPGPcard specification v3.0 now include NIST curves (and other
curves) and ECDSA and ECDH operations are defined. Gnuk follows
this specification.
* Major changes in Gnuk 1.1.4 * Major changes in Gnuk 1.1.4
Released 2014-12-15, by NIIBE Yutaka Released 2014-12-15, by NIIBE Yutaka
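Review bot: In the added 1.1.5 entry for Maple mini, board support is announced while the same sentence says its random number generation is not tested. The README touched by this commit mentions generating keys on the token, so the entry should say outright that key generation on a Maple mini is not to be relied on until the generator has been tested, and that importing keys is the alternative, rather than leaving that for the reader to infer. Two wording fixes in the same added text: "it's random number generation" should read "its", and "now include NIST curves" should read "now includes".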

README

@ -1,14 +1,14 @@
Gnuk - An Implementation of USB Cryptographic Token for GnuPG Gnuk - An Implementation of USB Cryptographic Token for GnuPG
Version 1.1.4 Version 1.1.5
2014-12-15 2015-06-03
Niibe Yutaka Niibe Yutaka
Free Software Initiative of Japan Free Software Initiative of Japan
Warning Warning
======= =======
This is another experimental release of Gnuk, version 1.1.4, which has This is another experimental release of Gnuk, version 1.1.5, which has
incompatible changes to Gnuk 1.0.x. Specifically, it now supports incompatible changes to Gnuk 1.0.x. Specifically, it now supports
overriding key import, but importing keys (or generating keys) results overriding key import, but importing keys (or generating keys) results
password reset. Please update your documentation for Gnuk Token, so password reset. Please update your documentation for Gnuk Token, so
@ -25,7 +25,7 @@ What's Gnuk?
============ ============
Gnuk is an implementation of USB cryptographic token for GNU Privacy Gnuk is an implementation of USB cryptographic token for GNU Privacy
Guard. Gnuk supports OpenPGP card protocol version 2, and it runs on Guard. Gnuk supports OpenPGP card protocol version 3, and it runs on
STM32F103 processor. STM32F103 processor.
I wish that Gnuk will be a developer's soother who uses GnuPG. I have I wish that Gnuk will be a developer's soother who uses GnuPG. I have
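Review bot: The changed line "Gnuk supports OpenPGP card protocol version 3" claims more than the NEWS entry in this commit, which describes v3.0 compatibility in terms of NIST curves, ECDSA and ECDH, and more than the ChangeLog, which names only cmd_pso. Consider using the same wording as NEWS ("OpenPGPcard specification v3.0") and stating which parts of the specification are covered, so that users do not assume full v3.0 support from the README alone.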

THANKS

@ -8,6 +8,7 @@ encouraging the development, testing the implementation, suggesting
improvements, or fixing bugs. Here is a list of those people. improvements, or fixing bugs. Here is a list of those people.
Achim Pietig achim@pietig.com Achim Pietig achim@pietig.com
Aidan Thornton
Andre Zepezauer andre.zepezauer@student.uni-halle.de Andre Zepezauer andre.zepezauer@student.uni-halle.de
Hironobu SUZUKI hironobu@h2np.net Hironobu SUZUKI hironobu@h2np.net
Jan Suhr jan@suhr.info Jan Suhr jan@suhr.info


@ -1 +1 @@
release/1.1.4 release/1.1.5


@ -5,174 +5,14 @@ Key import from PC to Gnuk Token (no removal)
This document describes how I put my **keys on PC** to the Token This document describes how I put my **keys on PC** to the Token
without removing keys from PC. without removing keys from PC.
The difference is just not-to-save changes after key imports. The difference is only the last step.
I don't save changes on PC after keytocard.
After personalization, I put my keys into the Token. For the steps before the last step, please see `keytocard with removing keys on PC`_.
Here is the log. .. _keytocard removing keys: gnuk-keytocard
I invoke GnuPG with my key (4ca7babe) and with ``--homedir`` option Here is the session log of the last step.
to specify the directory which contains my secret keys. ::
$ gpg --homedir=/home/gniibe/tmp/gnuk-testing-dir --edit-key 4ca7babe
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 2048R/4CA7BABE created: 2010-10-15 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/084239CF created: 2010-10-15 expires: never usage: E
sub 2048R/5BB065DC created: 2010-10-22 expires: never usage: A
[ultimate] (1). NIIBE Yutaka <gniibe@fsij.org>
Then, GnuPG enters its own command interaction mode. The prompt is ``gpg>``.
To enable ``keytocard`` command, I type ``toggle`` command. ::
gpg> toggle
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
ssb 2048R/084239CF created: 2010-10-15 expires: never
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
(1) NIIBE Yutaka <gniibe@fsij.org>
Firstly, I import my primary key into Gnuk Token.
I type ``keytocard`` command, answer ``y`` to confirm keyimport,
and type ``1`` to say it's signature key. ::
gpg> keytocard
Really move the primary key? (y/N) y
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
Please select where to store the key:
(1) Signature key
(3) Authentication key
Your selection? 1
Then, GnuPG asks two passwords. One is the passphrase of **keys on PC**
and another is the password of **Gnuk Token**. Note that the password of
the token and the password of the keys on PC are different things,
although they can be same.
Here, I assume that Gnuk Token's admin password of factory setting (12345678).
I enter these passwords. ::
You need a passphrase to unlock the secret key for
user: "NIIBE Yutaka <gniibe@fsij.org>"
2048-bit RSA key, ID 4CA7BABE, created 2010-10-15
<PASSWORD-KEY-4CA7BABE>
gpg: writing new key
gpg: 3 Admin PIN attempts remaining before card is permanently locked
Please enter the Admin PIN
Enter Admin PIN: 12345678
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
card-no: F517 00000001
ssb 2048R/084239CF created: 2010-10-15 expires: never
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
(1) NIIBE Yutaka <gniibe@fsij.org>
The primary key is now on the Token and GnuPG says its card-no (F517 00000001),
where F517 is the vendor ID of FSIJ.
Secondly, I import my subkey of encryption. I select key number '1'. ::
gpg> key 1
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
card-no: F517 00000001
ssb* 2048R/084239CF created: 2010-10-15 expires: never
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
(1) NIIBE Yutaka <gniibe@fsij.org>
You can see that the subkey is marked by '*'.
I type ``keytocard`` command to import this subkey to Gnuk Token.
I select ``2`` as it's encryption key. ::
gpg> keytocard
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
Please select where to store the key:
(2) Encryption key
Your selection? 2
Then, GnuPG asks the passphrase of **keys on PC** again. I enter. ::
You need a passphrase to unlock the secret key for
user: "NIIBE Yutaka <gniibe@fsij.org>"
2048-bit RSA key, ID 084239CF, created 2010-10-15
<PASSWORD-KEY-4CA7BABE>
gpg: writing new key
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
card-no: F517 00000001
ssb* 2048R/084239CF created: 2010-10-15 expires: never
card-no: F517 00000001
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
(1) NIIBE Yutaka <gniibe@fsij.org>
The sub key is now on the Token and GnuPG says its card-no for it.
I type ``key 1`` to deselect key number '1'. ::
gpg> key 1
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
card-no: F517 00000001
ssb 2048R/084239CF created: 2010-10-15 expires: never
card-no: F517 00000001
ssb 2048R/5BB065DC created: 2010-10-22 expires: never
(1) NIIBE Yutaka <gniibe@fsij.org>
Thirdly, I select sub key of authentication which has key number '2'. ::
gpg> key 2
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
card-no: F517 00000001
ssb 2048R/084239CF created: 2010-10-15 expires: never
card-no: F517 00000001
ssb* 2048R/5BB065DC created: 2010-10-22 expires: never
(1) NIIBE Yutaka <gniibe@fsij.org>
You can see that the subkey number '2' is marked by '*'.
I type ``keytocard`` command to import this subkey to Gnuk Token.
I select ``3`` as it's authentication key. ::
gpg> keytocard
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
Please select where to store the key:
(3) Authentication key
Your selection? 3
Then, GnuPG asks the passphrase of **keys on PC** again. I enter. ::
You need a passphrase to unlock the secret key for
user: "NIIBE Yutaka <gniibe@fsij.org>"
2048-bit RSA key, ID 5BB065DC, created 2010-10-22
<PASSWORD-KEY-4CA7BABE>
gpg: writing new key
sec 2048R/4CA7BABE created: 2010-10-15 expires: never
card-no: F517 00000001
ssb 2048R/084239CF created: 2010-10-15 expires: never
card-no: F517 00000001
ssb* 2048R/5BB065DC created: 2010-10-22 expires: never
card-no: F517 00000001
(1) NIIBE Yutaka <gniibe@fsij.org>
The sub key is now on the Token and GnuPG says its card-no for it.
Lastly, I quit GnuPG. Note that I **don't** save changes. :: Lastly, I quit GnuPG. Note that I **don't** save changes. ::
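Review bot: The added reference `keytocard with removing keys on PC`_ does not match the target defined right after it, ".. _keytocard removing keys: gnuk-keytocard". reStructuredText resolves hyperlink references by name, so the link will not resolve and the reader loses the only pointer to the steps this hunk removes. Make the reference text and the target name identical. Since the full session log is deleted here, it is also worth checking that the linked document still carries the explanation of the two separate passwords (the passphrase of the keys on PC and the Admin PIN of the token), which no longer appears in this file.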


@ -22,7 +22,7 @@ See `another document`_ to import keys to the Token from copied directory.
After personalization, I put my keys into the Token. After personalization, I put my keys into the Token.
Here is the log. Here is the session log.
I invoke GnuPG with my key (4ca7babe). :: I invoke GnuPG with my key (4ca7babe). ::


@ -615,9 +615,9 @@ def get_gnuk_device():
for (dev, config, intf) in gnuk_devices(): for (dev, config, intf) in gnuk_devices():
try: try:
icc = gnuk_token(dev, config, intf) icc = gnuk_token(dev, config, intf)
print("Device: ", dev.filename) print("Device: %s" % dev.filename)
print("Configuration: ", config.value) print("Configuration: %d" % config.value)
print("Interface: ", intf.interfaceNumber) print("Interface: %d" % intf.interfaceNumber)
break break
except: except:
pass pass
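Review bot: The new "%d" conversions for config.value and intf.interfaceNumber sit inside the try block whose handler is a bare "except: pass". If either value is not a number, the formatting raises TypeError, the handler swallows it, "break" is never reached, and a token that was opened successfully is skipped without any message. Move the three print calls out of the try (or into an else clause) so that only the gnuk_token(dev, config, intf) call is guarded, and narrow the handler to the exception that call is expected to raise.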


@ -74,7 +74,7 @@ def main(keyno, passwd, data_regnual, data_upgrade):
for dev in gnuk_devices_by_vidpid(): for dev in gnuk_devices_by_vidpid():
try: try:
reg = regnual(dev) reg = regnual(dev)
print("Device: ", dev.filename) print("Device: %s" % dev.filename)
break break
except: except:
pass pass