mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-20 10:50:09 +00:00
47 lines
1.4 KiB
Plaintext
47 lines
1.4 KiB
Plaintext
USB communication
|
|
=================
|
|
|
|
* No command chaining, but extended APDU and extended Lc and Le.
|
|
I think that this keep the code simple.
|
|
|
|
* Once, the value of dwMaxCCIDMessageLength was 64 and we supported
|
|
ICC block chaining, so that we could not handle multple Bulk
|
|
transactions.
|
|
|
|
* Now, the value of dwMaxCCIDMessageLength is 320, that's the size
|
|
of header of ICC block plus size of maximum APDU (by 64
|
|
granularity). Still, some ccid implementation sends ICC block
|
|
using chaining (unfortunately), so we keep the code of ICC block
|
|
chaining.
|
|
|
|
|
|
OpenPGP card protocol implementation
|
|
====================================
|
|
|
|
I try to follow "no clear password(s)" policy, even if it is on
|
|
protected flash memory. Futher, keystrings for user and reset code
|
|
are removed after key imports. Because of this, replacing keys
|
|
are not possible without password information. Thus, replacing
|
|
existing keys are not supported.
|
|
|
|
|
|
How a private key is stored
|
|
===========================
|
|
|
|
KEYPTR
|
|
----> [ P ][ Q ][ N ]
|
|
<---encrypted----><--- plain ---->
|
|
|
|
key_addr 4-byte
|
|
additional_data_encrypted 16-byte
|
|
dek_encrypted_by_keystring_pw1 16-byte
|
|
dek_encrypted_by_keystring_rc 16-byte
|
|
dek_encrypted_by_keystring_pw3 16-byte
|
|
|
|
... decrypted to
|
|
|
|
[ P ][ Q ]
|
|
check 4-byte
|
|
random 4-byte
|
|
magic[] 8-byte
|