mirror of
https://salsa.debian.org/gnuk-team/gnuk/gnuk.git
synced 2024-09-21 03:10:08 +00:00
47 lines
1.4 KiB
Plaintext
47 lines
1.4 KiB
Plaintext
USB communication
|
|
=================
|
|
|
|
* No command chaining, but extended APDU and extended Lc and Le.
|
|
I think that this keep the code simple.
|
|
|
|
* Once in the past (version <= 0.4), the value of
|
|
dwMaxCCIDMessageLength was 64 and we supported ICC block chaining,
|
|
so that we could not handle multple Bulk transactions.
|
|
|
|
* Now, the value of dwMaxCCIDMessageLength is 320, that's the size
|
|
of header of ICC block plus size of maximum APDU (by 64
|
|
granularity). Still, some ccid implementation (ccid 1.3.11, for
|
|
example) sends ICC block using chaining unfortunately, so we keep
|
|
the code of ICC block chaining.
|
|
|
|
|
|
OpenPGP card protocol implementation
|
|
====================================
|
|
|
|
I try to follow "no clear password(s)" policy, even if it is on
|
|
protected flash memory. Futher, keystrings for user and reset code
|
|
are removed after key imports. Because of this, replacing keys
|
|
are not possible without password information. Thus, replacing
|
|
existing keys are not supported.
|
|
|
|
|
|
How a private key is stored
|
|
===========================
|
|
|
|
KEYPTR
|
|
----> [ P ][ Q ][ N ]
|
|
<---encrypted----><--- plain ---->
|
|
|
|
key_addr 4-byte
|
|
additional_data_encrypted 16-byte
|
|
dek_encrypted_by_keystring_pw1 16-byte
|
|
dek_encrypted_by_keystring_rc 16-byte
|
|
dek_encrypted_by_keystring_pw3 16-byte
|
|
|
|
... decrypted to
|
|
|
|
[ P ][ Q ]
|
|
check 4-byte
|
|
random 4-byte
|
|
magic[] 8-byte
|