mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 10:50:09 +00:00
54 lines
1.4 KiB
Plaintext
54 lines
1.4 KiB
Plaintext
* Random Number Generator
|
|
|
|
RNG is needed for Data Encryption Key to encrypt private key (P and Q).
|
|
It is important to collect enough entropy. Perhaps, it would
|
|
be possible to get entropy from USB traffic (of other devices).
|
|
|
|
|
|
* RSA
|
|
|
|
It would be good not to use malloc.
|
|
|
|
|
|
* Flash ROM recover from unexpected shutdown during write
|
|
|
|
|
|
* [DONE] configure support
|
|
|
|
configure script would be good to select a board and to generate
|
|
random serial number.
|
|
|
|
|
|
* [DONE] Random number update
|
|
|
|
Implemented using SECECT_FILE and UPDATE_BINARY command, which is not
|
|
in the OpenPGP card specification.
|
|
|
|
Old description: Currently, Gnuk doesn't have random number generator,
|
|
but use random bytes calculated by hosts. After Gnuk uses random
|
|
number, the entry in Flash ROM will be cleared. Some scheme to update
|
|
random number bytes is needed. Possibly, private Data Objects, or by
|
|
another SELECT FILE.
|
|
|
|
|
|
* [DONE] Manufacture ID
|
|
|
|
Get it from FSFE.
|
|
|
|
|
|
* [DONE] Serial number
|
|
|
|
The AID of the card contains serial number. It should be unique. USB
|
|
serial number should be unique to identify different tokens, too.
|
|
|
|
|
|
* [DONE] Flash ROM garbage collection
|
|
|
|
|
|
* [DONE] Flash ROM protection
|
|
|
|
Flash ROM can be protected with OpenOCD. DfuSe users should know that
|
|
the content can be accessible by DfuSe, even if we enable read
|
|
protection of flash ROM. For proper protection, don't use DfuSe but
|
|
use OpenOCD to write and protect.
|