From frederic.suel at free.fr Sun Jul 26 15:35:05 2020 From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=) Date: Sun, 26 Jul 2020 15:35:05 +0200 Subject: How to use multiple Gnuk Token on the same PC Message-ID: Hello ! I'm trying to use two Gnuk Token on the same PC. But, it seems that Gpg/Enigmail show only the last plug. I have two Gnuk token with two different identities ( A & B) because I don't want to have them on the same keys for personal reason/use. I plugged them both on Linux (A first then B) and I try to send a cipher mail from A to B : it worked I try to encipher mail received by B and it worked. I made the other side : from B to A. When i try to encipher mail for A, Gpg/Enigmail asked me for token A also it was plugged. I unplugged token B ans it worked ! It seems that it's impossible to use multiple Gnuk Token on the same PC at the same time. Is there a solution ? Is it planned ? It would be great because there is a lot of security use-cases for that : -- one token by mail identity : personal, professional,pseudo ..; -- one token for mail and one for encrypt HDD or session ; -- one token for mail, one for SSH ; -- etc.. Best regards From jan at nitrokey.com Sun Jul 26 20:32:47 2020 From: jan at nitrokey.com (Jan Suhr | Nitrokey) Date: Sun, 26 Jul 2020 20:32:47 +0200 Subject: How to use multiple Gnuk Token on the same PC In-Reply-To: References: Message-ID: <672ee1df-4052-b718-2dff-1c5c83e0906f@nitrokey.com> We just released a modified Gnuk firmware which supports three IDs: https://www.nitrokey.com/news/2020/new-firmware-multiple-identities-and-pgp-keys-one-nitrokey-start The source code is at: https://github.com/Nitrokey/nitrokey-start-firmware Am 26.07.20 um 15:35 schrieb Fr?d?ric SUEL: > Hello ! > > I'm trying to use two Gnuk Token on the same PC. But, it seems that > Gpg/Enigmail show only the last plug. > > I have two Gnuk token with two different identities ( A & B) because I > don't want to have them on the same keys for personal reason/use. > > I plugged them both on Linux (A first then B) and I try to send a cipher > mail from A to B : it worked > > I try to encipher mail received by B and it worked. > > I made the other side : from B to A. When i try to encipher mail for A, > Gpg/Enigmail asked me for token A also it was plugged. I unplugged token > B ans it worked ! > > It seems that it's impossible to use multiple Gnuk Token on the same PC > at the same time. > > Is there a solution ? Is it planned ? It would be great because there is > a lot of security use-cases for that : > > -- one token by mail identity : personal, professional,pseudo ..; > > -- one token for mail and one for encrypt HDD or session ; > > -- one token for mail, one for SSH ; > > -- etc.. > > Best regards > > > > > > > > > _______________________________________________ > Gnuk-users mailing list > Gnuk-users at gnupg.org > https://lists.gnupg.org/mailman/listinfo/gnuk-users > -- Jan Suhr CEO / Gesch?ftsf?hrer Nitrokey GmbH https://www.nitrokey.com Email: jan at nitrokey.com Phone: +49 163 7010 408 Rheinstr. 10 C, 14513 Teltow, Germany CEO / Gesch?ftsf?hrer: Jan Suhr Register: AG Potsdam, HRB 32882 P VAT ID / USt-IdNr.: DE300136599 From frederic.suel at free.fr Sun Jul 26 23:58:45 2020 From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=) Date: Sun, 26 Jul 2020 23:58:45 +0200 Subject: How to use multiple Gnuk Token on the same PC In-Reply-To: <672ee1df-4052-b718-2dff-1c5c83e0906f@nitrokey.com> References: <672ee1df-4052-b718-2dff-1c5c83e0906f@nitrokey.com> Message-ID: It's a great new! Is it compatible with FST-01, and other STM32F103 Gnuk compatible cards ? And, if i need more than three identities/usages on the same device, and then two or more NitrokeyStart plugged, can it work and how ? Best regards Le 26/07/2020 ? 20:32, Jan Suhr | Nitrokey via Gnuk-users a ?crit?: > We just released a modified Gnuk firmware which supports three IDs: > > https://www.nitrokey.com/news/2020/new-firmware-multiple-identities-and-pgp-keys-one-nitrokey-start > > The source code is at: > https://github.com/Nitrokey/nitrokey-start-firmware > > > Am 26.07.20 um 15:35 schrieb Fr?d?ric SUEL: >> Hello ! >> >> I'm trying to use two Gnuk Token on the same PC. But, it seems that >> Gpg/Enigmail show only the last plug. >> >> I have two Gnuk token with two different identities ( A & B) because I >> don't want to have them on the same keys for personal reason/use. >> >> I plugged them both on Linux (A first then B) and I try to send a cipher >> mail from A to B : it worked >> >> I try to encipher mail received by B and it worked. >> >> I made the other side : from B to A. When i try to encipher mail for A, >> Gpg/Enigmail asked me for token A also it was plugged. I unplugged token >> B ans it worked ! >> >> It seems that it's impossible to use multiple Gnuk Token on the same PC >> at the same time. >> >> Is there a solution ? Is it planned ? It would be great because there is >> a lot of security use-cases for that : >> >> -- one token by mail identity : personal, professional,pseudo ..; >> >> -- one token for mail and one for encrypt HDD or session ; >> >> -- one token for mail, one for SSH ; >> >> -- etc.. >> >> Best regards >> >> >> >> >> >> >> >> >> _______________________________________________ >> Gnuk-users mailing list >> Gnuk-users at gnupg.org >> https://lists.gnupg.org/mailman/listinfo/gnuk-users >> From szczepan at nitrokey.com Mon Jul 27 17:41:51 2020 From: szczepan at nitrokey.com (Szczepan Zalega | Nitrokey) Date: Mon, 27 Jul 2020 17:41:51 +0200 Subject: How to use multiple Gnuk Token on the same PC In-Reply-To: References: <672ee1df-4052-b718-2dff-1c5c83e0906f@nitrokey.com> Message-ID: <13fef8d5-59fb-e754-adfb-8293cdbfecc5@nitrokey.com> On 7/26/20 11:58 PM, Fr?d?ric SUEL wrote: > Is it compatible with FST-01, and other STM32F103 Gnuk compatible cards ? > Hi! We do not have any particular hardware requirements besides availability of 128kB of flash. The space is very tight though, and it might not fit for some particular platform depending on the compiler. Surely works for STM32F103. > And, if i need more than three identities/usages on the same device, and > then two or more NitrokeyStart plugged, can it work and how ? > Just recently we have released a Python CLI tool [1] for changing the virtual smart cards [2] through CCID/HID. It can address the specific device by SN as far as I remember. [1] https://github.com/Nitrokey/pynitrokey/ [2] https://github.com/Nitrokey/pynitrokey/#switching-id Best regards, Szczepan -- Szczepan Zalega Senior Software Developer Nitrokey GmbH https://www.nitrokey.com Email: szczepan at nitrokey.com Nickname: szszszsz Rheinstr. 10 C, 14513 Teltow, Germany CEO / Gesch?ftsf?hrer: Jan Suhr Register: AG Potsdam, HRB 32882 P VAT ID / USt-IdNr.: DE300136599 From wk at gnupg.org Tue Jul 28 19:41:09 2020 From: wk at gnupg.org (Werner Koch) Date: Tue, 28 Jul 2020 19:41:09 +0200 Subject: How to use multiple Gnuk Token on the same PC In-Reply-To: (=?utf-8?B?IkZyw6lkw6lyaWM=?= SUEL"'s message of "Sun, 26 Jul 2020 15:35:05 +0200") References: Message-ID: <874kpry1u2.fsf@wheatstone.g10code.de> On Sun, 26 Jul 2020 15:35, Fr?d?ric SUEL said: > It seems that it's impossible to use multiple Gnuk Token on the same PC > at the same time. No, but you need to use the current development version of GnuPG. I am using 2 and more tokens for about two years now without problems. We plan to get that 2.3 version out later the year. See https://dev.gnupg.org/T4702 Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 227 bytes Desc: not available URL: From gniibe at fsij.org Wed Jul 29 03:35:15 2020 From: gniibe at fsij.org (NIIBE Yutaka) Date: Wed, 29 Jul 2020 10:35:15 +0900 Subject: How to use multiple Gnuk Token on the same PC In-Reply-To: References: Message-ID: <87zh7jyugc.fsf@iwagami.gniibe.org> Fr?d?ric SUEL wrote: > I'm trying to use two Gnuk Token on the same PC. But, it seems that > Gpg/Enigmail show only the last plug. GnuPG 2.2 only supports a single token with PC/SC. But, with the internal CCID driver, multiple tokens are supported. If 'gpg --card-status' shows your reader like: Reader ...........: 234B:0000:FSIJ-1.2.15-43225368:0 (i.e., USB VID:PID:SERIAL-string:0), then, it uses the internal CCID driver. If not, it is through PC/SC. If there is no specific reason to enable PC/SC service (for example, other usages for other cards), you can disable it so that the internal CCID driver will be selected. GnuPG 2.3 will support multiple tokens with PC/SC. The ticket to track this feature is: https://dev.gnupg.org/T3300 Including this improvement, there will be more in GnuPG 2.3. It is listed at: https://dev.gnupg.org/T4764 --