fix key page release
This commit is contained in:
NIIBE Yutaka
79
README
79
README
@@ -1,14 +1,14 @@
|
||||
Gnuk - An Implementation of USB Cryptographic Token for GnuPG
|
||||
|
||||
Version 1.1.3
|
||||
2014-04-16
|
||||
Version 1.1.4
|
||||
2014-12-1x
|
||||
Niibe Yutaka
|
||||
Free Software Initiative of Japan
|
||||
|
||||
Warning
|
||||
=======
|
||||
|
||||
This is another experimental release of Gnuk, version 1.1.3, which has
|
||||
This is another experimental release of Gnuk, version 1.1.4, which has
|
||||
incompatible changes to Gnuk 1.0.x. Specifically, it now supports
|
||||
overriding key import, but importing keys (or generating keys) results
|
||||
password reset. Please update your documentation for Gnuk Token, so
|
||||
@@ -17,7 +17,8 @@ has supports of ECDSA (with NIST P256 and secp256k1) and EdDSA with
|
||||
EdDSA, but this feature is pretty much experimental, and it requires
|
||||
development version of GnuPG with newest version of libgcrypt. You
|
||||
will not able to keep using EdDSA keys, as the key format is subject
|
||||
to change.
|
||||
to change. It also support RSA-4096 experimentally, but users should
|
||||
know that it takes more than 8 second to sign/decrypt.
|
||||
|
||||
|
||||
What's Gnuk?
|
||||
@@ -57,8 +58,9 @@ A0: Good points of Gnuk are:
|
||||
"for Free Software"; Gnuk supports GnuPG.
|
||||
|
||||
Q1: What kind of key algorithm is supported?
|
||||
A1: Gnuk version 1.0 only supports 2048-bit RSA.
|
||||
Development version of Gnuk (1.1.x) supports 256-bit ECDSA and EdDSA.
|
||||
A1: Gnuk version 1.0 only supports RSA 2048.
|
||||
Development version of Gnuk (1.1.x) supports 256-bit ECDSA and EdDSA,
|
||||
as well as RSA 4096-bit. But it takes long time to sign with RSA 4096.
|
||||
|
||||
Q2: How long does it take for digital signing?
|
||||
A2: It takes a second and a half or so.
|
||||
@@ -87,13 +89,7 @@ A6: You need a target board plus a JTAG/SWD debugger. If you just
|
||||
Q7: How much does it cost?
|
||||
A7: Olimex STM32-H103 plus ARM-USB-TINY-H cost 70 Euro or so.
|
||||
|
||||
Q8: How much does it cost for DIY version?
|
||||
A8: STM8S Discovery Kit costs 750 JPY (< $10 USD) only. You can build
|
||||
your own JTAG debugger using FTDI2232 module (1450 JPY), see:
|
||||
http://www.fsij.org/gnuk/jtag_dongle_ftdi2232
|
||||
|
||||
Q9: I got an error like "gpg: selecting openpgp failed: ec=6.108", what's up?
|
||||
|
||||
A9: GnuPG's SCDaemon has problems for handling insertion/removal of
|
||||
card/reader. When your newly inserted token is not found by
|
||||
GnuPG, try killing scdaemon and let it to be invoked again. I do:
|
||||
@@ -110,7 +106,7 @@ Aa: You need to deactivate seahorse-agent and gnome-keyring, but use
|
||||
|
||||
$ gconftool-2 --type bool --set /apps/gnome-keyring/daemon-components/ssh false
|
||||
|
||||
Qb: With GNOME 3, I can't use Gnuk Token at all. Why?
|
||||
Qb: With GNOME 3.0, I can't use Gnuk Token at all. Why?
|
||||
Ab: That's because gnome-keyring-daemon interferes GnuPG. Type:
|
||||
|
||||
$ gnome-session-properties
|
||||
@@ -122,6 +118,16 @@ Qc: Do you know a good SWD debugger to connect FST-01 or something?
|
||||
Ac: ST-Link/V2 is cheap one. We have a tool/stlinkv2.py as flash ROM
|
||||
writer program.
|
||||
|
||||
Qd: With GNOME 3.x (x >= 8?), I can't use Gnuk Token at all. Why?
|
||||
Ad: Please set the configration variable OnlyShowIn as none. Like:
|
||||
|
||||
OnlyShowIn=
|
||||
|
||||
In the files of /etc/xdg/autostart/gnome-keyring-gpg.desktop and
|
||||
/etc/xdg/autostart/gnome-keyring-ssh.desktop
|
||||
|
||||
|
||||
|
||||
|
||||
Release notes
|
||||
=============
|
||||
@@ -130,10 +136,9 @@ This is third experimental release in version 1.1 series of Gnuk.
|
||||
|
||||
While it is daily use by its developer, some newly introduced features
|
||||
(including ECDSA/EdDSA, key generation and firmware upgrade) should be
|
||||
considered experimental. ECDSA/EdDSA is really experimental. The
|
||||
feature even requires manual edit of Makefile after 'configure'.
|
||||
More, EdDSA is much experimental. You won't be able to keep using
|
||||
the EdDSA key, as it is subject to change.
|
||||
considered experimental. ECDSA/EdDSA is really experimental.
|
||||
Further, EdDSA is much experimental. You won't be able to keep using
|
||||
the EdDSA key, as the key format of GnuPG is subject to change.
|
||||
|
||||
Tested features are:
|
||||
|
||||
@@ -181,11 +186,12 @@ DfuSe is for experiment only, because it is impossible for DfuSe to
|
||||
disable read from flash. For real use, please consider killing DfuSe
|
||||
and enabling read protection using JTAG debugger.
|
||||
|
||||
For PIN-pad support, I connect a consumer IR receive module to FST-01, and use controller for TV. PIN verification
|
||||
is supported by this configuration. Yes, it is not secure at all,
|
||||
since it is very easy to monitor IR output of the controllers. It is
|
||||
just an experiment. Note that hardware needed for this experiment is
|
||||
only a consumer IR receive module which is as cheap as 50 JPY.
|
||||
For PIN-pad support, I connect a consumer IR receive module to FST-01,
|
||||
and use controller for TV. PIN verification is supported by this
|
||||
configuration. Yes, it is not secure at all, since it is very easy to
|
||||
monitor IR output of the controllers. It is just an experiment. Note
|
||||
that hardware needed for this experiment is only a consumer IR receive
|
||||
module which is as cheap as 50 JPY.
|
||||
|
||||
Note that you need pinpad support for GnuPG to use PIN-pad enabled
|
||||
Gnuk. The pinpad support for GnuPG is only available in version 2.
|
||||
@@ -223,7 +229,7 @@ External source code
|
||||
|
||||
Gnuk is distributed with external source code.
|
||||
|
||||
* chopstx/ -- Chopstx 0.03 (+ STBee support)
|
||||
* chopstx/ -- Chopstx 0.04
|
||||
|
||||
We use Chopstx as the kernel for Gnuk.
|
||||
|
||||
@@ -380,30 +386,7 @@ Then, with another terminal, type following to write "gnuk.elf" to Flash ROM:
|
||||
Flying Stone Tiny 01
|
||||
--------------------
|
||||
|
||||
If you are using Flying Stone Tiny 01, you need a SWD writer. I am
|
||||
using revision 946 of Simon Qian's Versaloon.
|
||||
|
||||
svn checkout -r 946 http://vsprog.googlecode.com/svn/trunk/
|
||||
|
||||
For OpenOCD, we need unofficial patch.
|
||||
|
||||
See the article of Versaloon Forum:
|
||||
|
||||
http://www.versaloon.com/bbs/viewtopic.php?p=16179
|
||||
|
||||
|
||||
Type following to invoke OpenOCD:
|
||||
|
||||
$ openocd -f interface/vsllink.cfg -c "transport select swd" -c "swd_mode 2" -f target/stm32f1x.cfg
|
||||
|
||||
Then, with another terminal, type following to write "gnuk.elf" to Flash ROM:
|
||||
|
||||
$ telnet localhost 4444
|
||||
> reset halt
|
||||
> flash write_image erase gnuk.elf
|
||||
> reset
|
||||
> exit
|
||||
$
|
||||
If you are using Flying Stone Tiny 01, you need a SWD writer.
|
||||
|
||||
OpenOCD 0.6.1 now supports ST-Link/V2. We can use it:
|
||||
|
||||
@@ -568,7 +551,7 @@ You can get it by:
|
||||
$ git clone git://gitorious.org/gnuk/gnuk.git
|
||||
|
||||
It's also available at: www.gniibe.org
|
||||
You can browse at: http://www.gniibe.org/gitweb?p=gnuk.git;a=summary
|
||||
You can browse at: http://git.gniibe.org/gitweb?p=gnuk/gnuk.git;a=summary
|
||||
|
||||
I put Chopstx as a submodule of Git. Please do this:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user