From fdaee50acb36c04c37dd031423176c00acfe7b6f Mon Sep 17 00:00:00 2001 From: NIIBE Yutaka Date: Wed, 11 May 2011 16:48:08 +0900 Subject: [PATCH] update NEWS and README --- NEWS | 33 +++++++++++++++++++++++++++++++++ README | 29 ++++++++++++++++++++++++----- 2 files changed, 57 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 74aee0d..63c3b8a 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,38 @@ Gnuk NEWS - User visible changes +* Major changes in Gnuk 0.12 + + Released 2011-05-1X, by NIIBE Yutaka + +** Admin-less mode is supported. +The OpenPGP card specification assumes existence of a security +officer, who has privilege to manage the card. On the other hand, +many use cases of Gnuk are admin == user. + +Thus, Gnuk now supports "admin-less" mode. In this mode, user can get +privilege with the password of PW1. + +At the initialization of the card, Gnuk becomes compatible mode by +setting PW3. Without setting PW3, it becomes "admin-less" mode +by setting PW1. + +** Important bug fix. +Gnuk (<= 0.11) has a severe bug which makes possible for attacker to +guess admin password easily. When admin password is not set (the +default value of factory setting), failure of VERIFY doesn't increment +error counter in older versions. Observing no increment of error +counter, attacker could know that admin password is the one of factory +setting. + +** tool/gnuk_put_binary.py now uses pyscard. +Instead of PyUSB, it uses Python binding of PC/SC. PyUSB version is +still available as tool/gnuk_put_binary_libusb.py. + +** Logo for Gnuk is updated. + +** Gnuk Sticker SVG is available. + + * Major changes in Gnuk 0.11 Released 2011-04-15, by NIIBE Yutaka diff --git a/README b/README index 68c22d0..25da9da 100644 --- a/README +++ b/README 
@@ -310,7 +310,8 @@ accessing by JTAG debugger is recommended. How to configure ================ -You need python and PyUSB (python-usb package in Debian). +You need python and pyscard (python-pyscard package in Debian) or +PyUSB (python-usb package in Debian). (1) In the 'src' directory, type @@ -323,24 +324,35 @@ In this process, it takes time for the command of Don't just wait, but do some other works on your PC. /dev/random needs entropy to finish. -(2) Stop the pcsc daemon. + +(2) [pyscard] Stop scdaemon + [PyUSB] Stop the pcsc daemon. + +If scdaemon is running, please kill it, or you will get "Smartcard +Exception" by "Sharing violation". + + $ killall -9 scdaemon + +In case of PyUSB tool, you need to stop pcscd. # /etc/init.d/pcscd stop + (3) Write the random bits to the device Connect your board to USB port of your PC. And invoke gnuk_put_binary.py: - # ../tool/gnuk_put_binary.py -r random_bits + $ ../tool/gnuk_put_binary.py -r random_bits random_bits: 1024 Updating random bits ... + (4) [Optional] Write fixed serial number If you use fixed serial number in the file 'GNUK_SERIAL_NUMBER', you can do: - # EMAIL= ../tool/gnuk_put_binary.py -s ../GNUK_SERIAL_NUMBER + $ EMAIL= ../tool/gnuk_put_binary.py -s ../GNUK_SERIAL_NUMBER Writing serial number ... @@ -348,7 +360,7 @@ If you use fixed serial number in the file 'GNUK_SERIAL_NUMBER', you can do: If you have card holder certificate binary file, you can do: - # ../tool/gnuk_put_binary.py ../../.bin + $ ../tool/gnuk_put_binary.py ../../.bin ../../.bin: Updating card holder certificate ... @@ -443,11 +455,18 @@ linux/Documentation/usb/usbmon.txt Read-only Git Repository ======================== +You can browse at http://www.gniibe.org/gitweb/gnuk.git/ + You can get it by: + $ git clone git://www.gniibe.org/gnuk.git/ + +or + $ git clone http://www.gniibe.org/git/gnuk.git/ + Information on the Web ======================
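Review bot: In the NEWS hunk, the "Important bug fix" entry explains the flaw in Gnuk <= 0.11 (with the admin password unset, a failed VERIFY did not increment the error counter) but does not say what 0.12 does instead or what someone running an older version should do. Suggest one more sentence stating the new behaviour and that users of <= 0.11 should upgrade. Separately, "Released 2011-05-1X" is still a placeholder and needs the real date before the release is made.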
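Review bot: In the README hunk at -310 ("How to configure"), the new sentence lists pyscard or PyUSB without saying which script each belongs to. The NEWS entry in this same patch says tool/gnuk_put_binary.py now uses pyscard and the PyUSB version is tool/gnuk_put_binary_libusb.py; naming both scripts here would save a PyUSB user from running the commands in steps (3) and (4) as written and hitting a missing module.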
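Review bot: In step (2) of the README hunk at -323, "$ killall -9 scdaemon" goes straight to SIGKILL, which gives scdaemon no chance to shut down and release the reader cleanly. Suggest documenting plain "killall scdaemon" and mentioning -9 only as a fallback if the "Sharing violation" persists. The two-line step title ("[pyscard] Stop scdaemon" / "[PyUSB] Stop the pcsc daemon.") would also read more clearly as two labelled sub-steps, each followed by its own command.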
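Review bot: In the README hunk at -443 ("Read-only Git Repository"), both clone URLs added here use unauthenticated transports (git:// and http://), so nothing in these instructions lets a user confirm that the firmware source they fetched is what was published. For code that ends up holding private keys this is worth a sentence: say how a checkout can be verified (for example against a signed release tag or a published commit id, if the project provides one), or offer an https URL if the server supports it.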