From bertrand at jacquin.bzh Sat Jan 11 19:04:11 2020 From: bertrand at jacquin.bzh (Bertrand Jacquin) Date: Sat, 11 Jan 2020 18:04:11 +0000 Subject: [PATCH] tool: switch to python3 Message-ID: <20200111180411.289770-1-bertrand@jacquin.bzh> python2 is no longer maintained upstream --- tool/add_openpgp_authkey_from_gpgssh.py | 8 +- tool/calc_precompute_table_ecc.py | 14 +-- tool/dfuse.py | 32 +++---- tool/dump_mem.py | 8 +- tool/get_raw_public_key.py | 2 +- tool/pageant_proxy_to_gpg.py | 2 +- tool/pinpadtest.py | 114 ++++++++++++------------ 7 files changed, 91 insertions(+), 91 deletions(-) diff --git a/tool/add_openpgp_authkey_from_gpgssh.py b/tool/add_openpgp_authkey_from_gpgssh.py index 1eb80de9c8a8..2f9f0e13ad03 100644 --- a/tool/add_openpgp_authkey_from_gpgssh.py +++ b/tool/add_openpgp_authkey_from_gpgssh.py @@ -109,15 +109,15 @@ def build_rsakey_from_ssh_key_under_gpg_agent(g, timestamp=None): # The information is in SEXP format, extract N and E s = sexp(pubkey_info_str) if s[0] != 'public-key': - print s + print(s) exit(1) rsa = s[1] if rsa[0] != 'rsa': - print rsa + print(rsa) exit(1) n_x = rsa[1] if n_x[0] != 'n': - print n_x + print(n_x) exit(1) n_byte_str = n_x[1] while n_byte_str[0] == '\x00': @@ -125,7 +125,7 @@ def build_rsakey_from_ssh_key_under_gpg_agent(g, timestamp=None): n = n_byte_str e_x = rsa[2] if e_x[0] != 'e': - print e_x + print(e_x) exit(1) e = e_x[1] if not timestamp: diff --git a/tool/calc_precompute_table_ecc.py b/tool/calc_precompute_table_ecc.py index 2b59789329ad..5536db1ebd2b 100644 --- a/tool/calc_precompute_table_ecc.py +++ b/tool/calc_precompute_table_ecc.py 
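Review bot: The context line `while n_byte_str[0] == '\x00':` that closes the first hunk of tool/add_openpgp_authkey_from_gpgssh.py still compares against a one-character str, which behaves differently under Python 3. If `sexp()` returns bytes there, indexing yields an int, the comparison is always false, and the leading zero octets of the RSA modulus are kept without any error. If that is the case, something like `while n_byte_str[:1] == b'\x00':` would keep the stripping working. The return type of `sexp()` and the loop body are outside the hunk, so this needs confirming against them.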
@@ -8,21 +8,21 @@ def print_nG(n): nGy_str = "%064x" % nG.y() print256(nGx_str) print256(nGy_str) - print + print() def print256(s): print("0x%s, 0x%s, 0x%s, 0x%s," % (s[56:64], s[48:56], s[40:48], s[32:40])) print("0x%s, 0x%s, 0x%s, 0x%s" % (s[24:32], s[16:24], s[8:16], s[0:8])) - print + print() for i in range(1,16): - n = (i & 1) + (i & 2) * 0x8000000000000000L + (i & 4) * 0x40000000000000000000000000000000L + (i & 8) * 0x200000000000000000000000000000000000000000000000L - print "%064x" % n + n = (i & 1) + (i & 2) * 0x8000000000000000 + (i & 4) * 0x40000000000000000000000000000000 + (i & 8) * 0x200000000000000000000000000000000000000000000000 + print("%064x" % n) print_nG(n) for i in range(1,16): - n = (i & 1) + (i & 2) * 0x8000000000000000L + (i & 4) * 0x40000000000000000000000000000000L + (i & 8) * 0x200000000000000000000000000000000000000000000000L - n = n * 0x100000000L - print "%064x" % n + n = (i & 1) + (i & 2) * 0x8000000000000000 + (i & 4) * 0x40000000000000000000000000000000 + (i & 8) * 0x200000000000000000000000000000000000000000000000 + n = n * 0x100000000 + print("%064x" % n) print_nG(n) diff --git a/tool/dfuse.py b/tool/dfuse.py index cd0f17284817..d108810e85e3 100755 --- a/tool/dfuse.py +++ b/tool/dfuse.py @@ -104,9 +104,9 @@ class DFU_STM32(object): interface: usb.Interface object representing the interface and altenate setting. """ if interface.interfaceClass != DFU_CLASS: - raise ValueError, "Wrong interface class" + raise ValueError("Wrong interface class") if interface.interfaceSubClass != DFU_SUBCLASS: - raise ValueError, "Wrong interface sub class" + raise ValueError("Wrong interface sub class") self.__protocol = interface.interfaceProtocol self.__devhandle = device.open() self.__devhandle.setConfiguration(configuration) 
@@ -170,7 +170,7 @@ class DFU_STM32(object): while s[4] == STATE_DFU_DOWNLOAD_BUSY: time.sleep(0.1) s = self.ll_get_status() - raise ValueError, "Read memory failed (%d)" % s[0] + raise ValueError("Read memory failed (%d)" % s[0]) def dfuse_set_address_pointer(self, address): bytes = get_four_bytes (address) @@ -181,7 +181,7 @@ class DFU_STM32(object): time.sleep(0.1) s = self.ll_get_status() if s[4] != STATE_DFU_DOWNLOAD_IDLE: - raise ValueError, "Set Address Pointer failed" + raise ValueError("Set Address Pointer failed") def dfuse_erase(self, address): bytes = get_four_bytes (address) @@ -191,7 +191,7 @@ class DFU_STM32(object): time.sleep(0.1) s = self.ll_get_status() if s[4] != STATE_DFU_DOWNLOAD_IDLE: - raise ValueError, "Erase failed" + raise ValueError("Erase failed") def dfuse_write_memory(self, block): blocknum = self.__blocknum @@ -202,7 +202,7 @@ class DFU_STM32(object): time.sleep(0.1) s = self.ll_get_status() if s[4] != STATE_DFU_DOWNLOAD_IDLE: - raise ValueError, "Write memory failed" + raise ValueError("Write memory failed") def download(self, ih): # First, erase pages @@ -280,7 +280,7 @@ class DFU_STM32(object): elif s[4] == STATE_DFU_MANIFEST_WAIT_RESET: self.__devhandle.reset() elif s[4] != STATE_DFU_IDLE: - raise ValueError, "write failed (%d)." % s[4] + raise ValueError("write failed (%d)." % s[4]) else: self.ll_clear_status() self.ll_clear_status() @@ -315,7 +315,7 @@ class DFU_STM32(object): j = 0 for c in data[0:(addr + 1024 - start_addr)]: if (ord(c)&0xff) != block[j + start_addr - addr]: - raise ValueError, "verify failed at %08x" % (addr + i*1024+j) + raise ValueError("verify failed at %08x" % (addr + i*1024+j)) j += 1 data = data[(addr + 1024 - start_addr):] addr += 1024 
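Review bot: In the verify loop of the `@@ -315,7 +315,7 @@` hunk, `if (ord(c)&0xff) != block[j + start_addr - addr]:` is left as is, and the same pattern recurs in the `@@ -330,7 +330,7 @@` hunk. Under Python 3, iterating a bytes object yields ints and `ord()` on an int raises TypeError, so if `data` comes back from the hex-file reader as bytes, the post-flash verification aborts with a TypeError instead of reporting a mismatch address. In that case the comparison can simply be `if c != block[j + start_addr - addr]:`. Where `data` is built is outside both hunks, so its type should be confirmed before choosing the form.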
@@ -330,7 +330,7 @@ class DFU_STM32(object): j = 0 for c in data[i*1024:(i+1)*1024]: if (ord(c)&0xff) != block[j]: - raise ValueError, "verify failed at %08x" % (addr + i*1024+j) + raise ValueError("verify failed at %08x" % (addr + i*1024+j)) j += 1 if i & 0x03 == 0x03: sys.stdout.write("#") @@ -367,25 +367,25 @@ def get_device(): (alt.interfaceProtocol == DFU_STM32PROTOCOL_0 or \ alt.interfaceProtocol == DFU_STM32PROTOCOL_2): return dev, config, alt - raise ValueError, "Device not found" + raise ValueError("Device not found") def main(filename): dev, config, intf = get_device() - print "Device:", dev.filename - print "Configuration", config.value - print "Interface", intf.interfaceNumber + print("Device:", dev.filename) + print("Configuration", config.value) + print("Interface", intf.interfaceNumber) dfu = DFU_STM32(dev, config, intf) - print dfu.ll_get_string(intf.iInterface) + print(dfu.ll_get_string(intf.iInterface)) s = dfu.ll_get_status() if s[4] == STATE_DFU_ERROR: dfu.ll_clear_status() s = dfu.ll_get_status() - print s + print(s) if s[4] == STATE_DFU_IDLE: exit transfer_size = 1024 if s[0] != DFU_STATUS_OK: - print s + print(s) exit ih = intel_hex(filename) dfu.download(ih) diff --git a/tool/dump_mem.py b/tool/dump_mem.py index 806bafe5b1b5..d793271c7dc5 100755 --- a/tool/dump_mem.py +++ b/tool/dump_mem.py @@ -27,22 +27,22 @@ from dfuse import * dev, config, intf = get_device() dfu = DFU_STM32(dev, config, intf) -print dfu.ll_get_string(intf.iInterface) +print(dfu.ll_get_string(intf.iInterface)) s = dfu.ll_get_status() dfu.ll_clear_status() s = dfu.ll_get_status() -print s +print(s) dfu.dfuse_set_address_pointer(int(sys.argv[1], 16)) s = dfu.ll_get_status() dfu.ll_clear_status() s = dfu.ll_get_status() dfu.ll_clear_status() s = dfu.ll_get_status() -print s +print(s) block = dfu.dfuse_read_memory() count = 0 for d in block: - print "%02x" % d, + print("%02x" % d) if count & 0x0f == 0x0f: print count += 1 
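Review bot: The two bare `exit` lines that the `main()` hunk of tool/dfuse.py leaves in place are name references, not calls, so neither status check stops the script. With `s[0] != DFU_STATUS_OK` the status is printed and execution still reaches `dfu.download(ih)`, i.e. the erase and write start on a device that has just reported an error. Since these lines are being touched anyway, the error branch should read `sys.exit(1)` (`sys` is already used in this file). The intent of the `STATE_DFU_IDLE` branch is unclear from the hunk and should be made explicit or removed.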
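Review bot: In tool/dump_mem.py, `print("%02x" % d)` drops the trailing comma of the Python 2 statement, so every byte now lands on its own line. The bare `print` under `if count & 0x0f == 0x0f:` was not converted either, and in Python 3 it is an expression with no effect. To keep the 16-bytes-per-row hex dump, the two lines should be `print("%02x" % d, end=' ')` and `print()`.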
diff --git a/tool/get_raw_public_key.py b/tool/get_raw_public_key.py index fb1272f09163..f09bba89c754 100755 --- a/tool/get_raw_public_key.py +++ b/tool/get_raw_public_key.py @@ -20,7 +20,7 @@ def get_gpg_public_key(keygrip): pos_last = key.index(")(1:e3:") key = key[pos:pos_last] if len(key) != 256: - raise ValueError, binascii.hexlify(key) + raise ValueError(binascii.hexlify(key)) return key if __name__ == '__main__': diff --git a/tool/pageant_proxy_to_gpg.py b/tool/pageant_proxy_to_gpg.py index a755efcd282d..ec7ddc3f6d49 100644 --- a/tool/pageant_proxy_to_gpg.py +++ b/tool/pageant_proxy_to_gpg.py @@ -28,7 +28,7 @@ from sexp import sexp # Assume it's only OPENPGP.3 key and it's 2048-bit def debug(string): - print "DEBUG: %s" % string + print("DEBUG: %s" % string) sys.stdout.flush() def get_keygrip_list(keyinfo_result): diff --git a/tool/pinpadtest.py b/tool/pinpadtest.py index 99b132636083..bebe7845313d 100755 --- a/tool/pinpadtest.py +++ b/tool/pinpadtest.py @@ -82,7 +82,7 @@ class Card(object): elif code == FEATURE_MODIFY_PIN_DIRECT: self.modify_ioctl = ioctl if self.verify_ioctl == -1: - raise ValueError, "Not supported" + raise ValueError("Not supported") def cmd_select_openpgp(self): apdu = [0x00, 0xa4, 0x04, 0x00, 6, 0xd2, 0x76, 0x00, 0x01, 0x24, 0x01 ] @@ -90,7 +90,7 @@ class Card(object): if sw1 == 0x61: # More data response, sw1, sw2 = self.connection.transmit([0x00, 0xc0, 0, 0, sw2]) elif not (sw1 == 0x90 and sw2 == 0x00): - raise ValueError, ("cmd_select_openpgp %02x %02x" % (sw1, sw2)) + raise ValueError("cmd_select_openpgp %02x %02x" % (sw1, sw2)) def possibly_add_dummy_byte(self): if self.another_byte: 
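Review bot: In tool/get_raw_public_key.py the new `raise ValueError(binascii.hexlify(key))` needs a bytes-like `key`, while the context line `pos_last = key.index(")(1:e3:")` passes a str pattern, which under Python 3 only works when `key` is a str. Whichever type `key` has, one of the two lines raises TypeError, so the length-check failure path cannot report the value as intended. If the key data is read as bytes (likely for a raw modulus, to be confirmed outside the hunk), the search patterns should become bytes literals, e.g. `key.index(b")(1:e3:")`.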
@@ -135,11 +135,11 @@ class Card(object): sw1 = data[0] sw2 = data[1] if not (sw1 == 0x90 and sw2 == 0x00): - raise ValueError, ("cmd_verify_pinpad %02x %02x" % (sw1, sw2)) + raise ValueError("cmd_verify_pinpad %02x %02x" % (sw1, sw2)) def send_modify_pinpad(self, apdu, single_step, command): if self.modify_ioctl == -1: - raise ValueError, "Not supported" + raise ValueError("Not supported") pin_modify = [ 0x00, # bTimerOut 0x00, # bTimerOut2 0x82, # bmFormatString: Byte, pos=0, left, ASCII. @@ -171,7 +171,7 @@ class Card(object): sw1 = data[0] sw2 = data[1] if not (sw1 == 0x90 and sw2 == 0x00): - raise ValueError, ("%s %02x %02x" % (command, sw1, sw2)) + raise ValueError("%s %02x %02x" % (command, sw1, sw2)) def cmd_reset_retry_counter(self, who, data): if who == BY_ADMIN: @@ -180,7 +180,7 @@ class Card(object): apdu = [0x00, 0x2c, 0x00, 0x81, len(data) ] + data # BY_USER with resetcode response, sw1, sw2 = self.connection.transmit(apdu) if not (sw1 == 0x90 and sw2 == 0x00): - raise ValueError, ("cmd_reset_retry_counter %02x %02x" % (sw1, sw2)) + raise ValueError("cmd_reset_retry_counter %02x %02x" % (sw1, sw2)) # Note: CCID specification doesn't permit this (only 0x20 and 0x24) def cmd_reset_retry_counter_pinpad(self, who): @@ -195,7 +195,7 @@ class Card(object): apdu = [0x00, 0xda, 0x00, 0xd3, len(data) ] + data # BY_ADMIN response, sw1, sw2 = self.connection.transmit(apdu) if not (sw1 == 0x90 and sw2 == 0x00): - raise ValueError, ("cmd_put_resetcode %02x %02x" % (sw1, sw2)) + raise ValueError("cmd_put_resetcode %02x %02x" % (sw1, sw2)) # Note: CCID specification doesn't permit this (only 0x20 and 0x24) def cmd_put_resetcode_pinpad(self): 
@@ -225,8 +225,8 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed): card.connection.connect() ident = card.connection.getReader() - print "Reader/Token:", ident - print "ATR:", toHexString( card.connection.getATR() ) + print("Reader/Token:", ident) + print("ATR:", toHexString( card.connection.getATR() )) if ident == COVADIS_VEGA_ALPHA: card.cmd_vega_alpha_disable_empty_verify() @@ -236,29 +236,29 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed): card.cmd_select_openpgp() if method == "verify": if who == BY_USER: - print "Please input User's PIN" + print("Please input User's PIN") else: - print "Please input Admin's PIN" + print("Please input Admin's PIN") card.cmd_verify_pinpad(who) elif method == "change": if change_by_two_steps: if who == BY_USER: - print "Please input User's PIN" + print("Please input User's PIN") else: - print "Please input Admin's PIN" + print("Please input Admin's PIN") card.cmd_verify_pinpad(who) if who == BY_USER: - print "Please input New User's PIN twice" + print("Please input New User's PIN twice") else: - print "Please input New Admin's PIN twice" + print("Please input New Admin's PIN twice") card.cmd_change_reference_data_pinpad(who, True) else: if who == BY_USER: - print "Please input User's PIN" - print "and New User's PIN twice" + print("Please input User's PIN") + print("and New User's PIN twice") else: - print "Please input Admin's PIN" - print "and New Admin's PIN twice" + print("Please input Admin's PIN") + print("and New Admin's PIN twice") card.cmd_change_reference_data_pinpad(who, False) elif method == "unblock": if change_by_two_steps: 
@@ -268,66 +268,66 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed): newpin=s2l(getpass("Please input New User's PIN from keyboard: ")) card.cmd_reset_retry_counter(who,resetcode+newpin) else: - print "Please input Admin's PIN" + print("Please input Admin's PIN") card.cmd_verify_pinpad(BY_ADMIN) newpin=s2l(getpass("Please input New User's PIN from keyboard: ")) card.cmd_reset_retry_counter(who,newpin) else: if who == BY_USER: - print "Please input reset code" - print "and New User's PIN twice" + print("Please input reset code") + print("and New User's PIN twice") else: - print "Please input Admin's PIN" + print("Please input Admin's PIN") card.cmd_verify_pinpad(BY_ADMIN) - print "Please input New User's PIN twice" + print("Please input New User's PIN twice") card.cmd_reset_retry_counter_pinpad(who) elif method == "put": if change_by_two_steps: # It means using keyboard for new PIN - print "Please input Admin's PIN" + print("Please input Admin's PIN") card.cmd_verify_pinpad(BY_ADMIN) resetcode=s2l(getpass("Please input New Reset Code from keyboard: ")) card.cmd_put_resetcode(resetcode) else: - print "Please input Admin's PIN" + print("Please input Admin's PIN") card.cmd_verify_pinpad(BY_ADMIN) - print "Please input New Reset Code twice" + print("Please input New Reset Code twice") card.cmd_put_resetcode_pinpad() else: - raise ValueError, method + raise ValueError(method) card.connection.disconnect() - print "OK." 
+ print("OK.") return 0 def print_usage(): - print "pinpad-test: testing pinentry of PC/SC card reader" - print " help:" - print "\t--help:\t\tthis message" - print " method:\t\t\t\t\t\t\t[verify]" - print "\t--verify:\tverify PIN" - print "\t--change:\tchange PIN (old PIN, new PIN twice)" - print "\t--change2:\tchange PIN by two steps (old PIN, new PIN twice)" - print "\t--unblock:\tunblock PIN (admin PIN/resetcode, new PIN twice)" - print "\t--unblock2:\tunblock PIN (admin PIN:pinpad, new PIN:kbd)" - print "\t--put:\t\tsetup resetcode (admin PIN, new PIN twice)" - print "\t--put2::\t\tsetup resetcode (admin PIN:pinpad, new PIN:kbd)" - print " options:" - print "\t--fixed N:\tUse fixed length input" - print "\t--admin:\tby administrator\t\t\t[False]" - print "\t--add:\t\tadd a dummy byte at the end of APDU\t[False]" - print "\t--pinmin:\tspecify minimum length of PIN\t\t[6]" - print "\t--pinmax:\tspecify maximum length of PIN\t\t[15]" - print "EXAMPLES:" - print " $ pinpad-test # verify user's PIN " - print " $ pinpad-test --admin # verify admin's PIN " - print " $ pinpad-test --change # change user's PIN " - print " $ pinpad-test --change --admin # change admin's PIN " - print " $ pinpad-test --change2 # change user's PIN by two steps" - print " $ pinpad-test --change2 --admin # change admin's PIN by two steps" - print " $ pinpad-test --unblock # change user's PIN by reset code" - print " $ pinpad-test --unblock --admin # change user's PIN by admin's PIN" - print " $ pinpad-test --put # setup resetcode " + print("pinpad-test: testing pinentry of PC/SC card reader") + print(" help:") + print("\t--help:\t\tthis message") + print(" method:\t\t\t\t\t\t\t[verify]") + print("\t--verify:\tverify PIN") + print("\t--change:\tchange PIN (old PIN, new PIN twice)") + print("\t--change2:\tchange PIN by two steps (old PIN, new PIN twice)") + print("\t--unblock:\tunblock PIN (admin PIN/resetcode, new PIN twice)") + print("\t--unblock2:\tunblock PIN (admin PIN:pinpad, new 
PIN:kbd)") + print("\t--put:\t\tsetup resetcode (admin PIN, new PIN twice)") + print("\t--put2::\t\tsetup resetcode (admin PIN:pinpad, new PIN:kbd)") + print(" options:") + print("\t--fixed N:\tUse fixed length input") + print("\t--admin:\tby administrator\t\t\t[False]") + print("\t--add:\t\tadd a dummy byte at the end of APDU\t[False]") + print("\t--pinmin:\tspecify minimum length of PIN\t\t[6]") + print("\t--pinmax:\tspecify maximum length of PIN\t\t[15]") + print("EXAMPLES:") + print(" $ pinpad-test # verify user's PIN ") + print(" $ pinpad-test --admin # verify admin's PIN ") + print(" $ pinpad-test --change # change user's PIN ") + print(" $ pinpad-test --change --admin # change admin's PIN ") + print(" $ pinpad-test --change2 # change user's PIN by two steps") + print(" $ pinpad-test --change2 --admin # change admin's PIN by two steps") + print(" $ pinpad-test --unblock # change user's PIN by reset code") + print(" $ pinpad-test --unblock --admin # change user's PIN by admin's PIN") + print(" $ pinpad-test --put # setup resetcode ") if __name__ == '__main__': who = BY_USER @@ -374,7 +374,7 @@ if __name__ == '__main__': print_usage() exit(0) else: - raise ValueError, option + raise ValueError(option) main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed) # Failure From gniibe at fsij.org Tue Jan 14 06:13:38 2020 From: gniibe at fsij.org (NIIBE Yutaka) Date: Tue, 14 Jan 2020 14:13:38 +0900 Subject: [PATCH] tool: switch to python3 In-Reply-To: <20200111180411.289770-1-bertrand@jacquin.bzh> References: <20200111180411.289770-1-bertrand@jacquin.bzh> Message-ID: <871rs24o3h.fsf@iwagami.gniibe.org> Bertrand Jacquin wrote: > python2 is no longer maintained upstream Thanks. Applied and pushed. Perhaps, I will consider new release of Gnuk in this January, so that I will be able to flash FST-01SZ with new version, when being asked in Europe. -- From szczepan at nitrokey.com Wed Jan 22 17:05:05 2020 
From: szczepan at nitrokey.com (Szczepan Zalega | Nitrokey) Date: Wed, 22 Jan 2020 17:05:05 +0100 Subject: User reports GNUK 1.2.14 losing his keys Message-ID: Hello, One of Nitrokey Start/GNUK 1.2.14 users reports his device is losing his keys overnight. However maximum PIN lengths are zeroed as well while running `gnupg --card-status`, which looks suspicious and might rather direct to backend IPC communication issues. I tried to reproduce it, but with no luck. As far as I know this is a single case. Has anyone encountered such a situation before? Any tips, how to debug this? I have already asked about scdaemon.log. Details: https://support.nitrokey.com/t/nitrokey-start-forgets-keys/2113 -- Best regards, Szczepan From gniibe at fsij.org Thu Jan 23 07:56:53 2020 
From: gniibe at fsij.org (NIIBE Yutaka) Date: Thu, 23 Jan 2020 15:56:53 +0900 Subject: About .note.gnu.build-id section Message-ID: <87zheeoe2y.fsf@iwagami.gniibe.org> Hello, When GCC is built with --enable-linker-build-id, gcc generates the .note.gnu.build-id section. I think that having .note.gnu.build-id section for an image of embedded system doesn't make much sense. I believe that it is common practice not to enable this option for GCC for embedded. If you have such a compiler for some reasons, for now, please put a line in your gnuk/src/gnuk.ld.in: /DISCARD/ : { *(.note.gnu.build-id) } (and/or gnuk/src/stdaln-sys.ld.in) I'm not sure if having the line in gnuk/src/gnuk.ld.in of the source is good or not. I think that including the section in an image is not good, because it's just a waste of space. So, even having something for .note.gnu.build-id, it should be /DISCARD/. If we want to identify an image by such an ID, we should do it right. Currently, the image for Gnuk consists of two parts: the first 4KB and the rest. By firmware update, only the latter is used. In this situation, perhaps, we need to generate an ID for the latter (not for entire image). FWIW, I learned about the build ID by reading: https://fedoraproject.org/wiki/RolandMcGrath/BuildID With this support, every binary has .note.gnu.build-id section and we can connect a binary to its debug information. In my Debian GNU/Linux system, I have /usr/lib/debug/.build-id/ directory to have debug information. -- From gniibe at fsij.org Thu Jan 23 09:19:38 2020 
From: gniibe at fsij.org (Niibe Yutaka) Date: Thu, 23 Jan 2020 17:19:38 +0900 Subject: User reports GNUK 1.2.14 losing his keys In-Reply-To: References: Message-ID: <87a76einz9.fsf@jumper.gniibe.org> Szczepan Zalega | Nitrokey wrote: > Details: https://support.nitrokey.com/t/nitrokey-start-forgets-keys/2113 Apparently (0 0 0 and 0 0 0 and 0 and triple [none]), gpg was unable to get information from scdaemon. It looks like USB failure. Unfortunately, important information is missing. Full output of gpg --card-status should be available, which includes information about method of accessing the token (PC/SC or internal CCID driver). -- From szczepan at nitrokey.com Thu Jan 23 10:03:50 2020 From: szczepan at nitrokey.com (Szczepan Zalega | Nitrokey) Date: Thu, 23 Jan 2020 10:03:50 +0100 Subject: User reports GNUK 1.2.14 losing his keys In-Reply-To: <87a76einz9.fsf@jumper.gniibe.org> References: <87a76einz9.fsf@jumper.gniibe.org> Message-ID: On 1/23/20 9:19 AM, Niibe Yutaka wrote: > Apparently (0 0 0 and 0 0 0 and 0 and triple [none]), gpg was unable > to get information from scdaemon. It looks like USB failure. > > Unfortunately, important information is missing. Full output of gpg > --card-status should be available, which includes information about > method of accessing the token (PC/SC or internal CCID driver). > Thank you, will check this direction further. -- Best regards, Szczepan From gniibe at fsij.org Fri Jan 24 07:18:15 2020 
From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 24 Jan 2020 15:18:15 +0900 Subject: User reports GNUK 1.2.14 losing his keys In-Reply-To: References: <87a76einz9.fsf@jumper.gniibe.org> Message-ID: <87k15hjs2g.fsf@jumper.gniibe.org> Hello, again, Looking at the support page of yours, I'm afraid you suggested the wrong direction (if you want to identify the real cause of the problem). Let me explain a few things. For use of GnuPG with Gnuk Token (or OpenPGPcard), I believe that the best way is using scdaemon with the internal CCID driver. When something goes wrong in USB communication, it can detect the problem soonish. To detect device events reliably, Gnuk specifically uses the USB endpoint 2 for its interrupt endpoint, although it is a token with fixed card. (Such an endpoint is used to notify host for card events of insertion/removal.) It works well with the internal CCID driver; when the USB connection goes wrong, scdaemon is notified. Scdaemon supports PC/SC, because there are situations where it is needed; Like on system with Windows/macOS, or environment where use of other card is required. PC/SC itself is a subsystem, a bit complicated. It has/does its own internal error handling. So, scdaemon cannot get fine-grained information in some situations. I'd recommend use of the internal CCID driver, especially when we need to identify the device problem. And, suggesting shared use of a USB device by multiple applications in a violent way (no coordination among multiple applications) may just complicate things. If it is common practice among your users to try such a thing, I have no wonder observing problem of 0 0 0 and 0 0 0 and 0 and triple [none]. For use by other applications, we keep suggesting a solid method of: gpgconf --kill scdaemon instead. Well, for me, it looks like the device itself works fine and it seems that it's other part(s) of user's system which caused the problem. -- From gniibe at fsij.org Fri Jan 24 09:17:54 2020 
From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 24 Jan 2020 17:17:54 +0900 Subject: Gnuk 1.2.15 Message-ID: Hello, Gnuk 1.2.15 is released. tag release/1.2.15 Tagger: NIIBE Yutaka Date: Fri Jan 24 15:39:31 2020 +0900 commit 49f25449185ba75c60e4a04a285bbb814c50e53e Firmware wise, only update of Chopstx by 1.18. Tests are updated to support testing with OpenPGP card. Tools are patched to run with Python3. In 2020, I'm going to remove old features (like RSA and classic ECC) from master, and I'd like to support modern ECC only. --