U2F and nRF52840

NIIBE Yutaka gniibe at fsij.org
Wed Dec 26 07:55:47 CET 2018 

Hello,

Please note that Gnuk is a firmware which supports OpenPGP card
protocol.  With its capability of three private keys, OpenPGP card
supports digital signature, encryption, and authentication.  Speaking
about authentication, we can put SSH key, by its authentication feature.

Avamander <avamander at gmail.com> wrote:
> My first question was about U2F. As far as I could see, client certificate
> TLS authentication isn't widespread enough, the biggest deployment probably
> being Estonian ID card authentication which isn't private at all, this
> leaves pretty much only U2F on the table if I want something a bit more
> secure (than just TOTP), correct?

I don't know about current situation of web authentication well.
Currently, I don't use any services which use/require U2F.  I think that
client certificate TLS authentication is still good, when it is our own
server.

We have (very experimental) software for OpenPGP card, called Scute,
which enables client certificate TLS authentication with the card/token.

Once, around 2012, I used Scute with Gnuk Token to be authenticated by
my own OpenID server, so that I could login to other services with
OpenID.  Unfortunately, OpenID hasn't become popular enough.


If I will need to use U2F, I will implement another firmware software
using some parts of Gnuk (USB, CCID, and Crypto).

That's because, for me, the use cases sound very different.  For typical
use cases of OpenPGP card, it's your encrypted resources, to be
accessed.  Or you are going make digital signature for your data in your
control.  For web authentication with U2F, it is some external service
provider, who asks your identity with a dongle.  It seems for me that
it's not good idea to use a single device (or single software) for both
use cases.

> If not, how (in)compatible is the current code with a possible U2F/UAF
> implementation?

Crypto routines can be reused.  The USB protocol, CCID, is same.  (CCID
protocol is the protocol of card reader.)  Application layer is
different.

> Second question was about porting Gnuk to other MCUs, is there a guide
> available somewhere?

I don't know about such a guide.  Last year, Aurelien Jarno did some
work for STM32L432.

> I'd love to get/make Gnuk run on nRF52840 (and possibly get some
> functionality run over NFC/BT).

Use of wireless technology requires another encryption.  And, I just
found that nRF52840 comes with hardware crypto accelerator.

Well, while some keywords are some, I feel that we are taling about
somehow different topics.  For Gnuk, I'm talking about ... something
like a bicycle which I can control using my own skill and my own energy.
I'm afraid you are talking about something like luxury automatic car.

Gnuk doen't depend on any hardware crypto accelerator.  This is on
purpose.  It is important for Gnuk to minimize attack surface.  A
hardware crypto accelerator by semiconductor vendor, which is difficult
to examine by its users, can bring possible attack vectors.  In many
cases, development with a hardware crypto accelerator might require NDA,
which can bring another type attack vector (say, of social engineering).
--

More information about the Gnuk-users mailing list