Gnuk 1.2.20 and Chopstx 1.21

NIIBE Yutaka gniibe at
Mon Apr 25 04:54:48 CEST 2022


Chopstx 1.21 is released.

	tag release/1.21
	Tagger: NIIBE Yutaka <gniibe at>
	Date:   Fri Apr 22 11:14:57 2022 +0900
	commit e12a7e0bb3f004c7bca41cfdb24c8b66daf3db89

This release is from STABLE-BRANCH-1 branch.

Gnuk 1.2.20 is released.

	tag release/1.2.20
	Tagger: NIIBE Yutaka <gniibe at>
	Date:	Fri Apr 22 11:20:32 2022 +0900
	commit 9d3c08bd2beb73ce942b016d4328f0a596096c02

This release is from STABLE-BRANCH-1-2 branch.

Those are maintenance releases.  Newer compiler is more strict, so, I
need to care about clear semantics of pointer uses (I didn't care in the

If you still uses Gnuk Token < 1.2.16, the change in 1.2.16 may be
useful, with the use case of newer OpenSSH, which uses
sntrup761x25519-sha512 at  It requires larger data to be

* Major changes in Gnuk 1.2.16

  Released 2020-09-10, by NIIBE Yutaka

** Ed25519 signing allowing longer message
For OpenPGP, it does hashing on host side before requesting signing to
the device.  Thus, the length of message to be signed is limited and
determined by the hash algorithm.  That's good feature of OpenPGP.  On
the other hand, there is a use case, like OpenSSH certificate signing,
where the length of message is a kind of arbitrary.  Even though Gnuk
(or OpenPGP card protocol itself) has limitation, we removed the
length check against EDDSA_HASH_LEN_MAX at cmd_pso.

scdaemon fix is also needed, it will be in GnuPG 2.3.6.  It is tracked

More information about the Gnuk-users mailing list