mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 10:50:09 +00:00
235 lines
5.1 KiB
Plaintext
235 lines
5.1 KiB
Plaintext
Gnuk - software for GPG USB Token
|
|
|
|
Version 0.2
|
|
2010-09-10
|
|
Niibe Yutaka
|
|
Free Software Initiative of Japan
|
|
|
|
What's Gnuk?
|
|
============
|
|
|
|
Gnuk is software implementation of a USB token for GNU privacy guard.
|
|
Gnuk supports OpenPGP card protocol version 2, and it runs on STM32
|
|
processor.
|
|
|
|
Please look at the graphics of "gnuk.svg" for the software name.
|
|
|
|
I wish that Gnuk will be a developer's soother who uses GnuPG. I have
|
|
been nervous of storing secret key(s) on usual secondary storage.
|
|
While I want to work at different places, but it is not the choice for
|
|
me to bring a card reader all the time. With Gnuk, this issue will be
|
|
solved by a USB token which is small enough.
|
|
|
|
|
|
Release notes
|
|
=============
|
|
|
|
This is second release of Gnuk. While it works somehow, it is still
|
|
experimental.
|
|
|
|
Tested features are:
|
|
|
|
* Personalization of the card
|
|
|
|
* Changing Login name, URL, Name, Sex, Language, etc.
|
|
|
|
* Password handling (PW1, RC, PW3)
|
|
|
|
* Key import for both of key for digital signing and key for
|
|
decryption.
|
|
|
|
* PSO: Digital Signature
|
|
|
|
* PSO: Decipher
|
|
|
|
It is known not-working well:
|
|
|
|
* Key import multiple times
|
|
|
|
* Changing value of password status bytes (0x00C4).
|
|
|
|
|
|
Targets
|
|
=======
|
|
|
|
We use Olimex STM32-H103 board.
|
|
|
|
I think that it could run on Olimex STM32-P103, STBee, or STBee mini
|
|
too. Besides, we are porting it to STM32 Primer 2.
|
|
|
|
|
|
Souce code
|
|
==========
|
|
|
|
Gnuk source code is under src/ directory.
|
|
|
|
|
|
License
|
|
=======
|
|
|
|
It is distributed under GNU General Public Licence version 3 or later
|
|
(GPLv3+).
|
|
|
|
|
|
External source code
|
|
====================
|
|
|
|
Gnuk is distributed with external source code.
|
|
|
|
* ChibiOS_2.0.2/ -- ChibiOS/RT 2.0.2
|
|
|
|
Taken from http://chibios.sourceforge.net/
|
|
Note that CRLF is converted to LF in this repository.
|
|
We use ChibiOS/RT as the kernel for Gnuk.
|
|
|
|
* polarssl-0.14.0/ -- PolarSSL 0.14.0
|
|
|
|
Taken from http://polarssl.org/
|
|
We use PolarSSL for RSA computation.
|
|
|
|
* STM32_USB-FS-Device_Driver/ -- a part of USB-FS-Device_Lib
|
|
* Virtual_COM_Port/ -- a part of USB-FS-Device_Lib
|
|
|
|
STM32F10x USB Full Speed Device Library (USB-FS-Device_Lib)
|
|
is a STM32F10x library for USB functionality.
|
|
|
|
I took Libraries/STM32_USB-FS-Device_Driver and
|
|
Project/Virtual_COM_Port in STM32_USB-FS-Device_Lib distribution.
|
|
See http://www.st.com for detail.
|
|
|
|
|
|
Host Requirements
|
|
=================
|
|
|
|
For GNU/Linux, libccid version >= 1.3.11 is required.
|
|
libccid version == 1.3.9 is known not working well by the issue [r4235].
|
|
|
|
|
|
How to compile
|
|
==============
|
|
|
|
You need GNU toolchain and newlib for 'arm-none-eabi' target.
|
|
|
|
See http://github.com/esden/summon-arm-toolchain/ for preparation of
|
|
GNU Toolchain for 'arm-none-eabi' target.
|
|
|
|
$ cd gnuk-VERSION/src
|
|
|
|
Edit the Makefile. Comment out the line:
|
|
----------------
|
|
ENABLE_DEBUG=1
|
|
----------------
|
|
|
|
if you don't want to debug Gnuk.
|
|
|
|
Type:
|
|
|
|
$ make
|
|
|
|
In the make process, it takes time for the command of
|
|
|
|
dd if=/dev/random bs=1 of=random_bits count=1024
|
|
|
|
Don't just wait, but do some other work on your PC.
|
|
/dev/random needs entropy to finish.
|
|
|
|
Then, we will have "gnuk.elf".
|
|
|
|
|
|
How to run
|
|
==========
|
|
|
|
If you are using Olimex JTAG-Tiny, type following to invoke OpenOCD:
|
|
|
|
$ openocd -f interface/olimex-jtag-tiny.cfg -f board/olimex_stm32_h103.cfg
|
|
|
|
Then, with another terminal, type following to write "gnuk.elf" to Flash ROM:
|
|
|
|
$ telnet localhost 4444
|
|
> reset halt
|
|
> flash write_image erase gnuk.elf
|
|
> reset
|
|
> exit
|
|
$
|
|
|
|
If you compiled with ENABLE_DEBUG=1, Gnuk has two interfaces
|
|
(one is CCID/ICCD device and another is virtual COM port). Open
|
|
virtual COM port by:
|
|
|
|
$ cu -l /dev/ttyACM0
|
|
|
|
and you will see debug output of Gnuk.
|
|
|
|
For libccid, we need following change:
|
|
|
|
--- /etc/libccid_Info.plist.dpkg-dist 2009-07-29 06:50:20.000000000 +0900
|
|
+++ /etc/libccid_Info.plist 2010-09-05 09:09:49.000000000 +0900
|
|
@@ -104,6 +104,7 @@
|
|
|
|
<key>ifdVendorID</key>
|
|
<array>
|
|
+ <string>0x234B</string>
|
|
<string>0x08E6</string>
|
|
<string>0x08E6</string>
|
|
<string>0x08E6</string>
|
|
@@ -237,6 +238,7 @@
|
|
|
|
<key>ifdProductID</key>
|
|
<array>
|
|
+ <string>0x0000</string>
|
|
<string>0x2202</string>
|
|
<string>0x3437</string>
|
|
<string>0x3438</string>
|
|
@@ -370,6 +372,7 @@
|
|
|
|
<key>ifdFriendlyName</key>
|
|
<array>
|
|
+ <string>FSIJ USB Token</string>
|
|
<string>Gemplus Gem e-Seal Pro</string>
|
|
<string>Gemplus GemPC Twin</string>
|
|
<string>Gemplus GemPC Key</string>
|
|
------------------
|
|
|
|
Then, try following to see Gnuk runs:
|
|
|
|
$ gpg --card-status
|
|
|
|
|
|
For more, see doc/DEMO.
|
|
|
|
|
|
|
|
How to debug
|
|
============
|
|
|
|
We can use GDB.
|
|
|
|
$ arm-none-eabi-gdb gnuk.elf
|
|
|
|
|
|
Inside GDB, we can connect OpenOCD by:
|
|
|
|
(gdb) target remote localhost:3333
|
|
|
|
|
|
You can see output of PCSCD:
|
|
|
|
# /etc/init.d/pcscd stop
|
|
# LIBCCID_ifdLogLevel=7 /usr/sbin/pcscd --debug --foreground
|
|
|
|
|
|
You can observe the traffic of USB using "usbmon". See the file:
|
|
linux/Documentation/usb/usbmon.txt
|
|
|
|
|
|
|
|
Development history
|
|
===================
|
|
|
|
Initially, the development was started with a copy of the files in
|
|
ChibiOS_2.0.2/demos/ARMCM3-STM32F103-GCC/*, Makefile, linker script,
|
|
and header files (chconf.h, halconf.h, and mcuconf.h).
|
|
|
|
Since this is the initial release, some garbages may still remain.
|
|
--
|