From frederic.suel at free.fr Sun Feb 16 19:17:42 2025
From: frederic.suel at free.fr (Frédéric SUEL)
Date: Sun, 16 Feb 2025 19:17:42 +0100
Subject: Help with new board Blue Pill Plus with gnuk
Message-ID:

Hi,

I found a new board made by WeAct Studio: Blue Pill Plus:

-- https://weactstudio.aliexpress.com/
-- https://stm32-base.org/boards/STM32F103C8T6-WeAct-Blue-Pill-Plus-Clone.html#User-button

This board exists with 4 ARM-Cortex M3 processors:

-- STM32F103 C8: https://github.com/WeActStudio/BluePill-Plus/tree/master
-- STM32F103 CB
-- APM32F103 CB: https://github.com/WeActStudio/WeActStudio.BluePill-Plus-APM32/tree/main
-- GD32F103 CB: https://github.com/WeActStudio/WeActStudio.BluePill-Plus-GD32/tree/main

But also with 3 RISC-V processors:

-- CH32F103 C8: https://github.com/WeActStudio/WeActStudio.BluePill-Plus-CH3
-- CH32V103 C8
-- CH32V203 C8

--------
Has anyone compiled Gnuk for this board?
--------

*I tried to compile for board Blue Pill Plus STM32F103 CB*

/-> without the use of keyuser for instance, because it uses PA0 which is necessary for NEUG operations/

This board is very close to FST-01, so I just:

-- created a /chopstx/board/board-blue-pill-plus-cb.h (version STM32F103 CT6 128 Ko)
-- added a #define in /chopstx/mcu/sys-stm32f103.h
-- added the board in /chopstx/contrib/adc-stm32f103.c, in the function get_adc_config (), in the case choice where there are ST-DONGLE and FST-01SZ (AN0 & AN1). I don't take care, for instance, of the acknowledge button on PA0
-- added the board in /src/configure as a configuration option only. Its processor is an STM32F103 CBT6, 72 MHz, 128 Ko, 20 Ko

--------
Did I forget to modify some files?
--------

*I tested Gnuk 1.2.20 installed on the board.*

It seems to work fine, but:

*Keys selection*

-- with key-attr, I can select, with gpg 2.2.40 or 2.4.4:
     - 1) rsa
     - 2) ECC --> 1) curve 25519
                  4) NIST P-384
                  6) Brainpool (choice not available with gpg 2.2.40)

*Keys generation on the board*

   -- rsa 2048 works and I can generate keys
   -- rsa4096 seems to work, but key generation fails
   -- curve 25519 works and I can generate keys
   -- NIST doesn't work. I can select choice 4), but nothing changes when I use the list command (gpg 2.2.40 and gpg 2.4.4)
   -- Brainpool doesn't work. I can select choice 6), but nothing changes when I use the list command (gpg 2.4.4; with gpg 2.2.40 the Brainpool choice is not available)

--------
Is key-attributes for key generation on the card, or does it determine the type of key you can put on the card with the keytocard command?

How to know which keys Gnuk supports with the keytocard command?
--------

*Keys generation on the PC (curve keys) and transfer to the board*

It works fine with Gniibe documentation.

*Keys operation*

Both for key generation on the board and key generation (Curve 25519) on the PC with transfer to the board, sign, crypt/decrypt and sign+crypt/decrypt operations work.

*Led*

Led is slowly blinking (~ off every two seconds for less than 1 second)

--------
Is it normal? Can anyone explain to me the utility of this led?
--------

*I also tested Gnuk 2.2 installed on the board.*

It seems to work fine, but:

*Keys selection*

-- with key-attr, I can select, with gpg 2.2.40 or 2.4.4:
     - 1) rsa
     - 2) ECC --> 1) curve 25519 *default*
                  4) NIST P-384
                  6) Brainpool P-256 (choice not available with gpg 2.2.40)

*Keys generation on the board*

   -- rsa 2048 seems to work, but the list command always shows ed/cv/ed and generation isn't possible
   -- rsa4096 seems to work, but the list command always shows ed/cv/ed and generation isn't possible
   -- curve works and I can generate keys
   -- NIST doesn't work. I can select choice 4), but nothing changes when I use the list command (gpg 2.2.40 and gpg 2.4.4)
   -- Brainpool doesn't work. I can select choice 6), but nothing changes when I use the list command (gpg 2.4.4; with gpg 2.2.40 the Brainpool choice is not available)

*Keys generation on the PC (curve keys) and transfer to the board*

It works fine with Gniibe documentation.

*Keys operation*

Both for key generation on the board and key generation (Curve 25519) on the PC with transfer to the board, sign, crypt/decrypt and sign+crypt/decrypt operations work.

*Led*

Led is slowly blinking (~ off every two seconds for less than 1 second)

--------

All the results for the Gnuk 2.2 version don't correspond to the Gnuk 2.x functionalities announced on the list on 06/09/2023:

    From NEWS, here is major changes in Gnuk 2.1

    * Ed448 and X448 support.
      Ed448 and X448 support are added. This support is experimental.

    * Removal of RSA support.
      RSA support has been removed.

    * Removal of NIST P-256 support.
      NIST P-256 curve support has been removed.

1) RSA support with key-attr is always available but doesn't work
2) I can't find X448 or Ed448 support with key-attr

Has anyone explanations about these results?

-----------------------------------------------------------------

Best regards

From gniibe at fsij.org Mon Feb 17 02:18:00 2025
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Mon, 17 Feb 2025 10:18:00 +0900
Subject: Help with new board Blue Pill Plus with gnuk
In-Reply-To:
References:
Message-ID: <87ldu5tlmf.fsf@haruna.fsij.org>

Frédéric SUEL wrote:
> I find a new board made by WeAct Studio : Blue Pill Plus :
>
> -- https://weactstudio.aliexpress.com/

Thank you for sharing information.  It's new for me.

> *I test of gnuk 1.2.20 install on the board.*
[...]
>     Is key-attributes for key generate on the card or determine the
> type of key you can put on the card with keytocard command ?
>
>     How to know which keys Gnuk supports with keytocard command ?

It's an issue of UI of GnuPG.  UI of GnuPG is not (yet) kind enough to
inspect supported algorithm for key generation.  (GnuPG tries to
generate a key, asking a user.  There is no check.)

In newer OpenPGP card specifications, key attributes data object
(KEY-ATTR-INFO, in the term of gnupg/scd/app-openpgp.c) is introduced.
UI of GnuPG could use this data object, but it's not (yet) done.

We can inspect the data object, like (with Gnuk 2.2):

    $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
    S KEY-ATTR-INFO OPENPGP.1 secp256k1
    S KEY-ATTR-INFO OPENPGP.1 ed25519
    S KEY-ATTR-INFO OPENPGP.1 ed448
    S KEY-ATTR-INFO OPENPGP.2 secp256k1
    S KEY-ATTR-INFO OPENPGP.2 cv25519
    S KEY-ATTR-INFO OPENPGP.2 cv448
    S KEY-ATTR-INFO OPENPGP.3 secp256k1
    S KEY-ATTR-INFO OPENPGP.3 ed25519
    S KEY-ATTR-INFO OPENPGP.3 ed448
    OK

> *Led*
>
> Led is slowly blinking (~ Off every two seconds for less than 1 second)
>
> --------
>
> Is it normal ? Can anyone explain to me the utility of this led ?

It's normal.  It shows status of CCID communication; Blinking means that
it's in use by scdaemon.

> *I also test of gnuk 2.2 install on the board.*
[...]
> 1) RSA support with key-attr is always available but doesn't work
> 2) I can't find with key-attr X448 or Ed448 support
>
> Has anyone explanations about this results ?

Are you sure if it's Gnuk 2.2?  As the CLI interaction example above
shows, it works for me (no RSA, has X448 and Ed448 support).
-- 

From frederic.suel at free.fr Mon Feb 17 11:13:25 2025
From: frederic.suel at free.fr (Frédéric SUEL)
Date: Mon, 17 Feb 2025 11:13:25 +0100
Subject: Help with new board Blue Pill Plus with gnuk
In-Reply-To: <87ldu5tlmf.fsf@haruna.fsij.org>
References: <87ldu5tlmf.fsf@haruna.fsij.org>
Message-ID: <2ae47c94-d61f-41c9-888a-6a58539ce7e9@free.fr>

Hi,

Thank you very much for all the answers.

On 17/02/2025 at 02:18, NIIBE Yutaka wrote:
> Frédéric SUEL wrote:
>> I find a new board made by WeAct Studio : Blue Pill Plus :
>>
>> -- https://weactstudio.aliexpress.com/
> Thank you for sharing information.  It's new for me.
>
>> *I test of gnuk 1.2.20 install on the board.*
> [...]
>>     Is key-attributes for key generate on the card or determine the
>> type of key you can put on the card with keytocard command ?
>>
>>     How to know which keys Gnuk supports with keytocard command ?
> It's an issue of UI of GnuPG.  UI of GnuPG is not (yet) kind enough to
> inspect supported algorithm for key generation.  (GnuPG tries to
> generate a key, asking a user.  There is no check.)
>
> In newer OpenPGP card specifications, key attributes data object
> (KEY-ATTR-INFO, in the term of gnupg/scd/app-openpgp.c) is introduced.
> UI of GnuPG could use this data object, but it's not (yet) done.
>
> We can inspect the data object, like (with Gnuk 2.2):
>
>     $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
>     S KEY-ATTR-INFO OPENPGP.1 secp256k1
>     S KEY-ATTR-INFO OPENPGP.1 ed25519
>     S KEY-ATTR-INFO OPENPGP.1 ed448
>     S KEY-ATTR-INFO OPENPGP.2 secp256k1
>     S KEY-ATTR-INFO OPENPGP.2 cv25519
>     S KEY-ATTR-INFO OPENPGP.2 cv448
>     S KEY-ATTR-INFO OPENPGP.3 secp256k1
>     S KEY-ATTR-INFO OPENPGP.3 ed25519
>     S KEY-ATTR-INFO OPENPGP.3 ed448
>     OK
>
>> *Led*
>>
>> Led is slowly blinking (~ Off every two seconds for less than 1 second)
>>
>> --------
>>
>> Is it normal ? Can anyone explain to me the utility of this led ?
> It's normal.  It shows status of CCID communication; Blinking means that
> it's in use by scdaemon.

Now, it's clear for me.

>
>> *I also test of gnuk 2.2 install on the board.*
> [...]
>> 1) RSA support with key-attr is always available but doesn't work
>> 2) I can't find with key-attr X448 or Ed448 support
>>
>> Has anyone explanations about this results ?
> Are you sure if it's Gnuk 2.2?  As the CLI interaction example above
> shows, it works for me (no RSA, has X448 and Ed448 support).

Yes, I made the test twice (compiling and executing).

Environment: LinuxMint 21.3 / gnupg 2.4.4 (Ubuntu base) or ParrotOS (Debian base) / gnupg 2.2.40

-----
LinuxMint 21.3 (Ubuntu base) / gnupg 2.4.4

$ gpg --card-edit
can't connect to 'socket:///home/yokosano/.gnupg/log-socket': Aucun fichier ou dossier de ce nom

Reader ...........: 1209:2440:FSIJ-2.2-43112959:0
Application ID ...: D276000124010200FFFE431129590000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43112959
Name of cardholder: [non positionné]
Language prefs ...: [non positionné]
Salutation .......:
URL of public key : [non positionné]
Login data .......: [non positionné]
Signature PIN ....: forcé
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 1
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: ADBB C781 90C0 36F8 6551  2D1D 6648 3F9B 33BA 0DE6
      created ....: 2025-02-15 19:32:10
Encryption key....: 9773 5974 62DE CA37 C49B  9722 2EDA 1B2F 4AD9 C893
      created ....: 2025-02-15 19:32:10
Authentication key: 8151 CC46 5948 B893 1538  3706 61F1 EDBE 7587 F428
      created ....: 2025-02-15 19:33:24
General key info..: [none]

gpg/carte> admin
Les commandes d'administration sont permises

gpg/carte> key-attr
Changing card key attribute for: Signature key
Sélectionnez le type de clef désiré :
   (1) RSA
   (2) ECC
Quel est votre choix ? 2
Sélectionnez le type de courbe elliptique désiré :
   (1) Curve 25519 *default*
   (4) NIST P-384
   (6) Brainpool P-256
Quel est votre choix ?

-----
ParrotOS (Debian base) / gnupg 2.2.40

$ gpg --card-edit

Reader ...........: 1209:2440:FSIJ-2.2-43112959:0
Application ID ...: D276000124010200FFFE431129590000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43112959
Name of cardholder: [non positionné]
Language prefs ...: [non positionné]
Salutation .......:
URL of public key : [non positionné]
Login data .......: [non positionné]
Signature PIN ....: forcé
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 1
KDF setting ......: on
Signature key ....: ADBB C781 90C0 36F8 6551  2D1D 6648 3F9B 33BA 0DE6
      created ....: 2025-02-15 19:32:10
Encryption key....: 9773 5974 62DE CA37 C49B  9722 2EDA 1B2F 4AD9 C893
      created ....: 2025-02-15 19:32:10
Authentication key: 8151 CC46 5948 B893 1538  3706 61F1 EDBE 7587 F428
      created ....: 2025-02-15 19:33:24
General key info..: pub  ed25519/0x66483F9B33BA0DE6 2025-02-15 tmtmt
sec>  ed25519/0x66483F9B33BA0DE6  créé : 2025-02-15  expire : 2065-02-05
                                  n° de carte : FFFE 43112959
ssb>  cv25519/0x2EDA1B2F4AD9C893  créé : 2025-02-15  expire : 2065-02-05
                                  n° de carte : FFFE 43112959
ssb>  ed25519/0x61F1EDBE7587F428  créé : 2025-02-15  expire : 2065-02-05
                                  n° de carte : FFFE 43112959

gpg/carte> admin
Les commandes d'administration sont permises

gpg/carte> key-attr
Changing card key attribute for: Signature key
Sélectionnez le type de clef désiré :
   (1) RSA
   (2) ECC
Quel est votre choix ? 2
Sélectionnez le type de courbe elliptique désiré :
   (1) Curve 25519
   (4) NIST P-384
Quel est votre choix ?

-----

Best regards

-------------- next part --------------
A non-text attachment was scrubbed...
Name: board-blue-pill-plus-cb.h
Type: text/x-chdr
Size: 2431 bytes
Desc: not available
URL:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sys-stm32f103.h
Type: text/x-chdr
Size: 3169 bytes
Desc: not available
URL:
-------------- next part --------------
#! /bin/bash

# This is bash which supports ANSI-C Quoting
nl=$'\n'

#
# This file is *NOT* generated by GNU Autoconf, but written by NIIBE Yutaka
#
# Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2021,
#               2022
#               Free Software Initiative of Japan
#
# This file is a part of Gnuk, a GnuPG USB Token implementation.
#
# Gnuk is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Gnuk is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public
# License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see .
#

#
# Submodule check
#
if ! test -f ../chopstx/rules.mk; then
  echo "Submodule 'chopstx' not found" >&2
  echo "You might need: git submodule update --init" >&2
  exit 1
fi

# Default settings
help=no
vidpid=none
target=FST_01
with_dfu=default
sys1_compat=yes
certdo=no
factory_reset=no
ackbtn_support=yes
flash_override=""
kdf_do=${kdf_do:-required}
# For emulation
prefix=/usr/local
exec_prefix='${prefix}'
libexecdir='${exec_prefix}/libexec'

# Revision number
if test -e ../.git; then
  if type git >/dev/null 2>&1; then
    REVISION=$(git describe --dirty="-modified")
  else
    # echo 'No git available, please install git'
    GIT_REVISION=$(sed -e 's/^\(.......\).*$/g\1/' "../.git/$(sed -e 's/^ref: //' ../.git/HEAD)")
    REVISION=$(cat ../VERSION)-$GIT_REVISION
  fi
else
  REVISION=$(cat ../VERSION)
fi

# Process each option
for option; do
  case $option in
  *=*) optarg=$(expr "X$option" : '[^=]*=\(.*\)') ;;
  *)   optarg=yes ;;
  esac

  case $option in
  -h | --help)
    help=yes ;;
  --vidpid=*)
    vidpid=$optarg ;;
  --target=*)
    target=$optarg ;;
  --enable-certdo)
    certdo=yes ;;
  --disable-certdo)
    certdo=no ;;
  --enable-sys1-compat)
    sys1_compat=yes ;;
  --disable-sys1-compat)
    sys1_compat=no ;;
  --enable-factory-reset)
    factory_reset=yes ;;
  --disable-factory-reset)
    factory_reset=no ;;
  --with-dfu)
    with_dfu=yes ;;
  --without-dfu)
    with_dfu=no ;;
  #
  # For emulation
  #
  # Use the parsed value ($optarg), not the literal word "optarg"
  --prefix=*)
    prefix=$optarg ;;
  --exec-prefix=*)
    exec_prefix=$optarg ;;
  --libexecdir=*)
    libexecdir=$optarg ;;
  *)
    echo "Unrecognized option \`$option'" >&2
    echo "Try \`$0 --help' for more information." >&2
    exit 1
    ;;
  esac
done

if test "$help" = "yes"; then
  # The beginning of the help text is missing from this archived copy
  cat <<EOF
  --target=TARGET         specify target                  [FST_01]
                          supported targets are:
                             FST_01
                             FST_01G
                             FST_01SZ
                             OLIMEX_STM32_H103
                             MAPLE_MINI
                             ST_DONGLE
                             ST_NUCLEO_F103
                             NITROKEY_START
                             BLUE_PILL
                             STM8S_DISCOVERY
                             CQ_STARM
                             STM32_PRIMER2
                             STBEE
                             STBEE_MINI
                             BLUE_PILL_PLUS_CB
                             FST_01_00 (unreleased version with 8MHz XTAL)
  --enable-factory-reset
                          support life cycle management   [no]
  --enable-certdo         support CERT.3 data object      [no]
  --enable-sys1-compat    enable SYS 1.0 compatibility    [yes]
                          executable is target dependent
  --disable-sys1-compat   disable SYS 1.0 compatibility   [no]
                          executable is target independent
                          but requires SYS 2.0 or newer
  --with-dfu              build image for DFU             []
EOF
  exit 0
fi

# Board header: target name lower-cased, '_' replaced by '-'
BOARD_HEADER_FILE=board-$(echo $target | tr '_[:upper:]' '-[:lower:]').h
echo "Header file is: $BOARD_HEADER_FILE"
ln -sf "../chopstx/board/$BOARD_HEADER_FILE" board.h

# Frequency
MHZ=72
# Flash page size in byte
FLASH_PAGE_SIZE=1024
# Flash memory size in KiB
FLASH_SIZE=128
# Memory size in KiB
MEMORY_SIZE=20

# Settings for TARGET
case $target in
BLUE_PILL|STM8S_DISCOVERY)
  # It's 64KB version of STM32F103, but actually has 128KB
  flash_override="-DSTM32F103_OVERRIDE_FLASH_SIZE_KB=128"
  ;;
CQ_STARM|STBEE_MINI)
  if test "$with_dfu" = "default"; then
    with_dfu=yes;
  fi ;;
STM32_PRIMER2)
  FLASH_PAGE_SIZE=2048
  FLASH_SIZE=512
  MEMORY_SIZE=64
  ;;
STBEE)
  FLASH_PAGE_SIZE=2048
  FLASH_SIZE=512
  MEMORY_SIZE=64
  if test "$with_dfu" = "default"; then
    with_dfu=yes;
  fi ;;
BLUE_PILL_G)
  MHZ=96
  ;;
FST_01SZ)
  MHZ=96
  ;;
*)
  ;;
esac

def_mhz="-DMHZ=$MHZ"
if test "$target" = "GNU_LINUX"; then
  ldscript=""
  chip="gnu-linux"
  arch="gnu-linux"
  emulation="yes"
  cross=""
  mcu="none"
  def_emulation="-DGNU_LINUX_EMULATION"
  def_memory_size="-DMEMORY_SIZE=1024"
  enable_hexoutput=""
  libs="-lpthread"
else
  ldscript="gnuk.ld"
  chip="stm32f103"
  arch="cortex-m"
  emulation=""
  cross="arm-none-eabi-"
  mcu="cortex-m3"
  def_emulation=""
  def_memory_size="-DMEMORY_SIZE=$MEMORY_SIZE"
  enable_hexoutput=yes
  libs=""
fi

if test "$emulation" = "yes"; then
  if test "$vidpid" = "none"; then
    vidpid=0000:0000
  else
    echo "Please don't specify VID:PID for emulation at compile time;"
    echo "It is a user who should specify VID:PID at run time."
    exit 1
  fi
else
  if test "$vidpid" = "none"; then
    echo "Please specify Vendor ID and Product ID by --vidpid option." >&2
    exit 1
  fi
fi

ORIGIN_REAL=0x08000000
ORIGIN_REAL_DEFINE="#define ORIGIN_REAL $ORIGIN_REAL"

# --with-dfu option
if test "$with_dfu" = "yes"; then
  if test "$target" = "FST_01" -o "$target" = "FST_01G" \
       -o "$target" = "FST_01_00"; then
    echo "FST-01 doesn't have DFU loader, you should not use --with-dfu." >&2
    exit 1
  fi
  echo "Configured for DFU"
  if test "$target" = "MAPLE_MINI"; then
    # Note that the default bootloader is too large, need for instance
    # STM32duino for DFU on Maple Mini
    ORIGIN=0x08002000
    FLASH_SIZE=$((FLASH_SIZE - 8))
  else
    ORIGIN=0x08003000
    FLASH_SIZE=$((FLASH_SIZE - 12))
  fi
  DFU_DEFINE="#define DFU_SUPPORT 1"
else
  with_dfu=no
  echo "Configured for bare system (no-DFU)"
  ORIGIN=${ORIGIN_REAL}
  DFU_DEFINE="#undef DFU_SUPPORT"
fi
ORIGIN_DEFINE="#define ORIGIN $ORIGIN"

# --enable-certdo option
if test "$certdo" = "yes"; then
  CERTDO_DEFINE="#define CERTDO_SUPPORT 1"
  echo "CERT.3 Data Object is supported"
else
  CERTDO_DEFINE="#undef CERTDO_SUPPORT"
  echo "CERT.3 Data Object is NOT supported"
fi

# --enable-factory-reset option
if test "$factory_reset" = "yes"; then
  LIFE_CYCLE_MANAGEMENT_DEFINE="#define LIFE_CYCLE_MANAGEMENT_SUPPORT 1"
  echo "Life cycle management is supported"
else
  LIFE_CYCLE_MANAGEMENT_DEFINE="#undef LIFE_CYCLE_MANAGEMENT_SUPPORT"
  echo "Life cycle management is NOT supported"
fi

# Acknowledge button support
if test "$ackbtn_support" = "yes"; then
  ACKBTN_DEFINE="#define ACKBTN_SUPPORT 1"
  echo "Acknowledge button is supported"
else
  ACKBTN_DEFINE="#undef ACKBTN_SUPPORT"
  echo "Acknowledge button is not supported"
fi

# KDF Data Object is always required for GNU/Linux emulation
if test "$kdf_do" = "required"; then
  KDF_DO_REQUIRED_DEFINE="#define KDF_DO_REQUIRED 1"
  echo "KDF DO is required before key import/generation"
else
  KDF_DO_REQUIRED_DEFINE="#undef KDF_DO_REQUIRED"
fi

### !!! Replace following string of "FSIJ" to yours !!! ####
SERIALNO="FSIJ-$(sed -e 's%^[^/]*/%%' <../VERSION)-"

SERIALNO_STR_LEN_DEFINE="#define SERIALNO_STR_LEN ${#SERIALNO}"

if test "$sys1_compat" = "yes"; then
  CONFIG="$target:dfu=$with_dfu:certdo=$certdo:factory_reset=$factory_reset:kdf=$kdf_do"
else
  if test "$with_dfu" = "yes"; then
    echo "Common binary can't support DFU loader, don't use --with-dfu." >&2
    exit 1
  fi
  # Override settings for common binary.  Safer side.
  FLASH_PAGE_SIZE=2048
  FLASH_SIZE=128
  MEMORY_SIZE=20
  CONFIG="common:certdo=$certdo:factory_reset=$factory_reset:kdf=$kdf_do"
fi

# Emit binary-edit commands for the non-zero VID, PID and bcdDevice bytes
output_vid_pid_version () {
  echo "$VIDPID" | \
  sed -n -e "s%^\([0-9a-f][0-9a-f]\)\([0-9a-f][0-9a-f]\):\([0-9a-f][0-9a-f]\)\([0-9a-f][0-9a-f]\)$%\1\t\2\t\3\t\4%p" | \
  while read -r FIRST SECOND THIRD FOURTH; do
    if test $FIRST != 00; then
      echo replace_vid_msb $FIRST
    fi
    if test $SECOND != 00; then
      echo replace_vid_lsb $SECOND
    fi
    if test $THIRD != 00; then
      echo replace_pid_msb $THIRD
    fi
    if test $FOURTH != 00; then
      echo replace_pid_lsb $FOURTH
    fi
  done
  echo "$VERSION" | \
  sed -n -e "s%^\([0-9a-f][0-9a-f]\)\([0-9a-f][0-9a-f]\)$%\1\t\2%p" | \
  while read -r FIRST SECOND; do
    if test $FIRST != 00; then
      echo replace_bcd_device_msb $FIRST
    fi
    if test $SECOND != 00; then
      echo replace_bcd_device_lsb $SECOND
    fi
  done
}

# Emit the USB string descriptors as C arrays, one 16-bit unit per character
output_vendor_product_serial_strings () {
  name=$1

  echo "static const uint8_t ${name}string_vendor[] = {"
  echo " ${#VENDOR}*2+2, /* bLength */"
  echo " STRING_DESCRIPTOR, /* bDescriptorType */"
  echo " /* Manufacturer: \"$VENDOR\" */"
  echo "$VENDOR" | sed -e "s/\(........\)/\1\\${nl}/g" | \
    sed -n -e "s/\(.\)/'\1', 0, /g" -e "s/^/ /" -e "/^ ./s/ $//p"
  echo '};'
  echo
  echo "static const uint8_t ${name}string_product[] = {"
  echo " ${#PRODUCT}*2+2, /* bLength */"
  echo " STRING_DESCRIPTOR, /* bDescriptorType */"
  echo " /* Product name: \"$PRODUCT\" */"
  echo "$PRODUCT" | sed -e "s/\(........\)/\1\\${nl}/g" | \
    sed -n -e "s/\(.\)/'\1', 0, /g" -e "s/^/ /" -e "/^ ./s/ $//p"
  echo '};'

  if test -n "$name"; then
    echo
    echo "const uint8_t ${name}string_serial[] = {"
    echo " ${#SERIALNO}*2+2+16, /* bLength */"
    echo " STRING_DESCRIPTOR, /* bDescriptorType */"
    echo " /* Serial number: \"$SERIALNO\" */"
    echo "$SERIALNO" | sed -e "s/\(........\)/\1\\${nl}/g" | \
      sed -n -e "s/\(.\)/'\1', 0, /g" -e "s/^/ /" -e "/^ ./s/ $//p"
    if test "$emulation" = "yes"; then
      echo " 'E', 0, 'M', 0, 'U', 0, 'L', 0,"
      echo " 'A', 0, 'T', 0, 'E', 0, 'D', 0,"
    else
      echo " 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,"
      echo " 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,"
    fi
    echo '};'
    echo
    echo '#ifdef USB_STRINGS_FOR_GNUK'
    echo "static const uint8_t ${name}revision_detail[] = {"
    echo " ${#REVISION}*2+2, /* bLength */"
    echo " STRING_DESCRIPTOR, /* bDescriptorType */"
    echo " /* revision detail: \"$REVISION\" */"
    echo "$REVISION" | sed -e "s/\(........\)/\1\\${nl}/g" | \
      sed -n -e "s/\(.\)/'\1', 0, /g" -e "s/^/ /" -e "/^ ./s/ $//p"
    echo '};'
    echo
    echo "static const uint8_t ${name}config_options[] = {"
    echo " ${#CONFIG}*2+2, /* bLength */"
    echo " STRING_DESCRIPTOR, /* bDescriptorType */"
    echo " /* configure options: \"$CONFIG\" */"
    echo $CONFIG | sed -e "s/\(........\)/\1\\${nl}/g" | \
      sed -n -e "s/\(.\)/'\1', 0, /g" -e "s/^/ /" -e "/^ ./s/ $//p"
    echo '};'
    echo '#endif'
  fi
}

(echo "#! /bin/bash"
 echo
 echo 'source "binary-edit.sh"') > put-vid-pid-ver.sh

# Look up the requested VID:PID in ../GNUK_USB_DEVICE_ID (tab-separated fields)
if !(IFS=$'\t'
     while read -r VIDPID VERSION PRODUCT VENDOR; do
       if test "$vidpid" = "$VIDPID"; then
         echo >> put-vid-pid-ver.sh
         echo 'addr=$file_off_ADDR' >> put-vid-pid-ver.sh
         output_vid_pid_version >> put-vid-pid-ver.sh
         output_vendor_product_serial_strings gnuk_ >usb-strings.c.inc
         exit 0
       fi
     done; exit 1) < ../GNUK_USB_DEVICE_ID
then
  echo "Please specify valid Vendor ID and Product ID." >&2
  echo "Check ../GNUK_USB_DEVICE_ID." >&2
  exit 1
fi

if test "$sys1_compat" = "no"; then
  # Disable when you are sure that it's sys version 3.0 or later.
  # Note that Gnuk 1.0 and NeuG (until 0.06) uses sys version 1.0.
  # Disabling the compatibility, executable will be target independent,
  # assuming the clock initialization will be done by clock_init in
  # SYS.
  use_sys3="-DUSE_SYS3"
else
  use_sys3=""
fi

(echo "CHIP=$chip";
 echo "ARCH=$arch";
 echo "EMULATION=$emulation";
 echo "CROSS=$cross";
 echo "MCU=$mcu";
 echo "DEFS=$use_sys3 $flash_override $def_emulation $def_memory_size $def_mhz";
 echo "LDSCRIPT=$ldscript";
 echo "LIBS=$libs";
 echo "ENABLE_FRAUCHEKY=$enable_fraucheky";
 echo "ENABLE_OUTPUT_HEX=$enable_hexoutput"
 if test "$ackbtn_support" = "yes"; then
   echo "USE_ACKBTN=yes"
 fi
 if test "$with_dfu" = "yes"; then
   echo "USE_DFU=yes"
 fi
 if test "$emulation" = "yes"; then
   echo "prefix=$prefix"
   echo "exec_prefix=$exec_prefix"
   echo "libexecdir=$libexecdir"
 fi
) > config.mk

if test "$certdo" = "yes"; then
  sed -e "/^@CERTDO_SUPPORT_START@$/ d" -e "/^@CERTDO_SUPPORT_END@$/ d" \
      -e "s/@ORIGIN@/$ORIGIN/" -e "s/@FLASH_SIZE@/$FLASH_SIZE/" \
      -e "s/@MEMORY_SIZE@/$MEMORY_SIZE/" \
      -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \
      < gnuk.ld.in > gnuk.ld
else
  sed -e "/^@CERTDO_SUPPORT_START@$/,/^@CERTDO_SUPPORT_END@$/ d" \
      -e "s/@ORIGIN@/$ORIGIN/" -e "s/@FLASH_SIZE@/$FLASH_SIZE/" \
      -e "s/@MEMORY_SIZE@/$MEMORY_SIZE/" \
      -e "s/@FLASH_PAGE_SIZE@/$FLASH_PAGE_SIZE/" \
      < gnuk.ld.in > gnuk.ld
fi
sed -e "s/@ORIGIN_REAL@/$ORIGIN_REAL/" -e "s/@MEMORY_SIZE@/$MEMORY_SIZE/" \
    < stdaln-sys.ld.in > stdaln-sys.ld
sed -e "s/@DFU_DEFINE@/$DFU_DEFINE/" \
    -e "s/@ORIGIN_DEFINE@/$ORIGIN_DEFINE/" \
    -e "s/@ORIGIN_REAL_DEFINE@/$ORIGIN_REAL_DEFINE/" \
    -e "s/@CERTDO_DEFINE@/$CERTDO_DEFINE/" \
    -e "s/@LIFE_CYCLE_MANAGEMENT_DEFINE@/$LIFE_CYCLE_MANAGEMENT_DEFINE/" \
    -e "s/@ACKBTN_DEFINE@/$ACKBTN_DEFINE/" \
    -e "s/@SERIALNO_STR_LEN_DEFINE@/$SERIALNO_STR_LEN_DEFINE/" \
    -e "s/@KDF_DO_REQUIRED_DEFINE@/$KDF_DO_REQUIRED_DEFINE/" \
    < config.h.in > config.h
exit 0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: adc-stm32f103.c
Type: text/x-csrc
Size: 10467 bytes
Desc: not available
URL:

From gniibe at fsij.org Tue Feb 18 02:10:20 2025
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Tue, 18 Feb 2025 10:10:20 +0900
Subject: Help with new board Blue Pill Plus with gnuk
In-Reply-To: <2ae47c94-d61f-41c9-888a-6a58539ce7e9@free.fr>
References: <87ldu5tlmf.fsf@haruna.fsij.org> <2ae47c94-d61f-41c9-888a-6a58539ce7e9@free.fr>
Message-ID: <87zfikkqgz.fsf@haruna.fsij.org>

Hello,

Frédéric SUEL wrote:
> Yes, I made the test twice (compiling and executing).

Thank you for your confirmation.

I think that I misunderstood your questions.

In the previous mail of yours, you wrote:
> 1) RSA support with key-attr is always available but doesn't work
> 2) I can't find with key-attr X448 or Ed448 support

And then, I asked:
> Are you sure if it's Gnuk 2.2?  As the CLI interaction example above
> shows, it works for me (no RSA, has X448 and Ed448 support).

With Gnuk 2.2, you can confirm that there is no RSA support
but X448 and Ed448 support by executing the following command:

    $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye

Here is my revised answer.

* UI of GnuPG always asks users blindly for RSA option, even if the
  card/token doesn't have RSA support.  I agree that it's good to be
  improved.

* You need --expert option with "gpg --card-edit" to enable other ECC
  support like X448 and Ed448.
-- 

From frederic.suel at free.fr Tue Feb 18 12:29:39 2025
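
The KEY-ATTR-INFO check from the two replies above, turned into a pre-check to run before key-attr, since the GnuPG menu offers algorithms the token does not advertise. This is an added example, not code from the thread, GnuPG or Gnuk; the function names are hypothetical, and "rsa2048" in the demo line is an assumed spelling used only as a not-advertised input.

```shell
#!/bin/sh
# Added example: compare a planned key-attr choice with what the card
# advertises in KEY-ATTR-INFO.

# Status lines posted in the thread for Gnuk 2.2 (copied from the reply).
GNUK22_KEY_ATTR_INFO='S KEY-ATTR-INFO OPENPGP.1 secp256k1
S KEY-ATTR-INFO OPENPGP.1 ed25519
S KEY-ATTR-INFO OPENPGP.1 ed448
S KEY-ATTR-INFO OPENPGP.2 secp256k1
S KEY-ATTR-INFO OPENPGP.2 cv25519
S KEY-ATTR-INFO OPENPGP.2 cv448
S KEY-ATTR-INFO OPENPGP.3 secp256k1
S KEY-ATTR-INFO OPENPGP.3 ed25519
S KEY-ATTR-INFO OPENPGP.3 ed448
OK'

# slot_keyref NAME: map sig/enc/auth to the key reference scdaemon prints.
slot_keyref() {
    case $1 in
        sig|1)  echo OPENPGP.1 ;;
        enc|2)  echo OPENPGP.2 ;;
        auth|3) echo OPENPGP.3 ;;
        *)      return 1 ;;
    esac
}

# slot_algos SLOT < status-lines
# Print one advertised algorithm per line for the given slot.
slot_algos() {
    keyref=$(slot_keyref "$1") || return 3
    awk -v keyref="$keyref" \
        '$1 == "S" && $2 == "KEY-ATTR-INFO" && $3 == keyref { print $4 }'
}

# card_supports SLOT ALGO < status-lines
# Exit status: 0 advertised, 1 not advertised,
#              2 no KEY-ATTR-INFO lines at all (cannot tell), 3 bad slot.
card_supports() {
    keyref=$(slot_keyref "$1") || return 3
    awk -v keyref="$keyref" -v algo="$2" '
        $1 == "S" && $2 == "KEY-ATTR-INFO" {
            seen = 1
            if ($3 == keyref && $4 == algo) found = 1
        }
        END { exit (found ? 0 : (seen ? 1 : 2)) }'
}

# check_key_attr_plan SIG ENC AUTH < status-lines
# Print one verdict per slot; return 1 if any choice is not confirmed.
check_key_attr_plan() {
    info=$(cat)
    rc=0
    for pair in "sig:$1" "enc:$2" "auth:$3"; do
        slot=${pair%%:*}
        algo=${pair#*:}
        if printf '%s\n' "$info" | card_supports "$slot" "$algo"; then
            echo "$slot $algo: advertised"
        else
            case $? in
                1) echo "$slot $algo: not advertised by the card" ;;
                *) echo "$slot $algo: no KEY-ATTR-INFO from card, cannot tell" ;;
            esac
            rc=1
        fi
    done
    return $rc
}

# Demo on the sample above; against a real token, pipe in the live output:
#   gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye | check_key_attr_plan ed448 cv448 ed448
printf '%s\n' "$GNUK22_KEY_ATTR_INFO" | check_key_attr_plan rsa2048 cv448 ed448 || true
```
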
From: frederic.suel at free.fr (Frédéric SUEL)
Date: Tue, 18 Feb 2025 12:29:39 +0100
Subject: Help with new board Blue Pill Plus with gnuk
In-Reply-To: <87zfikkqgz.fsf@haruna.fsij.org>
References: <87ldu5tlmf.fsf@haruna.fsij.org> <2ae47c94-d61f-41c9-888a-6a58539ce7e9@free.fr> <87zfikkqgz.fsf@haruna.fsij.org>
Message-ID: <588a227d-e52e-4436-b166-501cc4fb5268@free.fr>

Hi,

I think it becomes clear for me (see below).

Thanks.

---------------------------------------------------------------

I understand that with Gnuk 2.2:

-- $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
tells me all the algorithms available on the Gnuk Card (see below with my Blue Pill Plus board)

--------
gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
S KEY-ATTR-INFO OPENPGP.1 secp256k1
S KEY-ATTR-INFO OPENPGP.1 ed25519
S KEY-ATTR-INFO OPENPGP.1 ed448
S KEY-ATTR-INFO OPENPGP.2 secp256k1
S KEY-ATTR-INFO OPENPGP.2 cv25519
S KEY-ATTR-INFO OPENPGP.2 cv448
S KEY-ATTR-INFO OPENPGP.3 secp256k1
S KEY-ATTR-INFO OPENPGP.3 ed25519
S KEY-ATTR-INFO OPENPGP.3 ed448
OK
--------

-- gpg --expert --card-edit
shows me all algorithms available with GnuPG, even algorithms not available in the Gnuk Card, such as RSA and ECC choices number 3, 4, 5, 6, 7 and 8 in the example (see below with my Blue Pill Plus board)

--------
$ gpg --expert --card-edit

Reader ...........: 1209:2440:FSIJ-2.2-43112959:0
Application ID ...: D276000124010200FFFE431129590000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43112959
Name of cardholder: [non positionné]
Language prefs ...: [non positionné]
Salutation .......:
URL of public key : [non positionné]
Login data .......: [non positionné]
Signature PIN ....: forcé
Key attributes ...: secp256k1 secp256k1 secp256k1
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/carte> admin
Les commandes d'administration sont permises

gpg/carte> key-attr
Changing card key attribute for: Signature key
Sélectionnez le type de clef désiré :
   (1) RSA
   (2) ECC
Quel est votre choix ? 2
Sélectionnez le type de courbe elliptique désiré :
   (1) Curve 25519 *default*
   (2) Curve 448
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Quel est votre choix ?
--------

---------------------------------------------------------------

I tried to configure the board first with secp256k1 then with Curve 448, and:

-- I can select both algorithms, and the result with the list command is ok

- but I can't generate keys with secp256k1, I get "Échec de génération de la clef : Conditions d'utilisation non satisfaites": fail to generate key: used conditions not satisfied

- but I can't generate keys with Curve 448, I get "Échec de génération de la clef : Erreur de carte": fail to generate key: board error

Curve 25519 key generation works fine

With GnuPG 2.4.4 on LinuxMint 21.3

Best regards

On 18/02/2025 at 02:10, NIIBE Yutaka wrote:
> Hello,
>
> Frédéric SUEL wrote:
>> Yes, I made the test twice (compiling and executing).
> Thank you for your confirmation.
>
> I think that I misunderstood your questions.
>
> In the previous mail of yours, you wrote:
>> 1) RSA support with key-attr is always available but doesn't work
>> 2) I can't find with key-attr X448 or Ed448 support
> And then, I asked:
>> Are you sure if it's Gnuk 2.2?  As the CLI interaction example above
>> shows, it works for me (no RSA, has X448 and Ed448 support).
> With Gnuk 2.2, you can confirm that there is no RSA support
> but X448 and Ed448 support by executing the following command:
>
>     $ gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye
>
>
> Here is my revised answer.
>
> * UI of GnuPG always asks users blindly for RSA option, even if the
>   card/token doesn't have RSA support.  I agree that it's good to be
>   improved.
>
> * You need --expert option with "gpg --card-edit" to enable other ECC
>   support like X448 and Ed448.

From gniibe at fsij.org Thu Feb 20 07:20:41 2025
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Thu, 20 Feb 2025 15:20:41 +0900
Subject: Help with new board Blue Pill Plus with gnuk
In-Reply-To: <588a227d-e52e-4436-b166-501cc4fb5268@free.fr>
References: <87ldu5tlmf.fsf@haruna.fsij.org> <2ae47c94-d61f-41c9-888a-6a58539ce7e9@free.fr> <87zfikkqgz.fsf@haruna.fsij.org> <588a227d-e52e-4436-b166-501cc4fb5268@free.fr>
Message-ID: <87seo9kuh2.fsf@haruna.fsij.org>

Hello,

Thank you for your testing.

Frédéric SUEL wrote:
> I tried to configure the board first with secp256k1 then with Curve 448
> and :
>
> -- I can select both algorithms, and the result with the list command is ok
>
> - but, I can't generate keys with secp256k1, I get "Échec de génération
> de la clef : Conditions d'utilisation non satisfaites" : fail to
> generate key : used conditions not satisfied

This error may mean, you didn't configure KDF-DO, which is required for
Gnuk 2.2.  I wonder if it's the case.

> - but, I can't generate keys with Curve 448, I get "Échec de génération
> de la clef : Erreur de carte" : fail to generate key : board error

Ah, Curve448 is not covered by the tests/ in Gnuk.  It seems there are
bugs around its private key size.

Here is a fix (of today).  Not tested yet.

diff --git a/src/openpgp-do.c b/src/openpgp-do.c index 2ad7853..2fc5aea 100644 --- a/src/openpgp-do.c +++ b/src/openpgp-do.c
@@ -1340,7 +1340,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, else if (attr == ALGO_X448) { pubkey_len = prvkey_len; - if (prvkey_len != 56) + if (prvkey_len != 64) return -1; } else @@ -1583,14 +1583,15 @@ proc_key_import (const uint8_t *data, int len) } else if (attr == ALGO_X448) { - uint8_t priv[56]; + uint8_t priv[64]; if (len - 12 != 56) return 0; /* Error. */ memcpy (priv, data+12, 56); + memset (priv+56, 0, 64-56); ecdh_compute_public_x448 (pubkey, priv); - r = gpg_do_write_prvkey (kk, priv, 56, keystring_admin, pubkey); + r = gpg_do_write_prvkey (kk, priv, 64, keystring_admin, pubkey); } if (r < 0) @@ -2287,7 +2288,7 @@ gpg_do_keygen (uint8_t *buf) enum kind_of_key kk = kkb_to_kk (kk_byte); int attr = gpg_get_algo_attr (kk);; int prvkey_len = gpg_get_algo_attr_key_size (kk, GPG_KEY_PRIVATE); - const uint8_t *prv; + uint8_t *prv; const uint8_t *rnd; int r = 0; #define p_q (&buf[3]) @@ -2359,6 +2360,8 @@ gpg_do_keygen (uint8_t *buf) random_bytes_free (rnd); prv = d; ed448_compute_public (pubkey, prv); + memset (prv+114, 0, 128-114); + prvkey_len = 128; pubkey[57] = 0; } else if (attr == ALGO_X448) @@ -2369,6 +2372,8 @@ gpg_do_keygen (uint8_t *buf) rnd = random_bytes_get (); memcpy (d+32, rnd, 24); prv = d; + prvkey_len = 64; + memset (prv+56, 0, 64-56); ecdh_compute_public_x448 (pubkey, prv); } else -- From frederic.suel at free.fr Mon Feb 24 09:24:58 2025 
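Review bot: in the @@ -1340 hunk of gpg_do_write_prvkey, the unchanged line "pubkey_len = prvkey_len;" now yields pubkey_len == 64 for ALGO_X448, because the accepted prvkey_len moves from 56 to 64, while an X448 public key is 56 bytes. If pubkey_len is used further down to size, copy or hash the public key, set it to 56 explicitly here instead of deriving it from the padded private length.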
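Review bot: in the @@ -1583 hunk of proc_key_import, priv[64] is a stack copy of the imported private key and nothing in the lines shown clears it once gpg_do_write_prvkey has returned; wipe it before leaving the branch. The raw and stored X448 lengths also appear as bare literals (56, 64, 64-56) in the length check, the memcpy, the memset and the call, so two named constants would keep them in step.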
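Review bot: in the @@ -2287 hunk of gpg_do_keygen, const is dropped from prv only so that the later hunks can memset through it, yet prv is assigned from d ("prv = d;"), so the padding could be written through d and prv could stay const uint8_t *. In the same hunk prvkey_len is initialised from gpg_get_algo_attr_key_size (kk, GPG_KEY_PRIVATE) and is then overridden with the literals 128 and 64 below; returning the padded size from that function would avoid two sources for the same length.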
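Review bot: in the @@ -2359 hunk, prvkey_len is forced to 128 for Ed448, but this patch carries no matching Ed448 change to the length check in gpg_do_write_prvkey or to proc_key_import, unlike X448, whose check moves from 56 to 64 in the first hunk. If gpg_do_write_prvkey still expects the unpadded Ed448 length, generation and import of Ed448 keys will keep failing, so the write and import paths need the same padding. The memset at prv+114 also relies on the buffer behind d being at least 128 bytes, which the hunk does not show.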
From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=)
Date: Mon, 24 Feb 2025 09:24:58 +0100
Subject: Help with new board Blue Pill Plus with gnuk
In-Reply-To: <87seo9kuh2.fsf@haruna.fsij.org>
References: <87ldu5tlmf.fsf@haruna.fsij.org> <2ae47c94-d61f-41c9-888a-6a58539ce7e9@free.fr> <87zfikkqgz.fsf@haruna.fsij.org> <588a227d-e52e-4436-b166-501cc4fb5268@free.fr> <87seo9kuh2.fsf@haruna.fsij.org>
Message-ID: <8f50237d-a8a0-4888-9aa9-894a7c17c0eb@free.fr>

Hi,

I made more tests (see below) regarding your comments and tried to put 448 keys on Gnuk too

Best regards

On 20/02/2025 at 07:20, NIIBE Yutaka wrote:
> Hello,
>
> Thank you for your testing.
>
> Frédéric SUEL wrote:
>> I tried to configure the board first with secp256k1 then with Curve 448
>> and :
>>
>> -- I can select both algorithms, and the result with the list command is ok
>>
>> - but, I can't generate keys with secp256k1, I get "Échec de génération
>> de la clef : Conditions d'utilisation non satisfaites" : fail to
>> generate key : used conditions not satisfied
> This error may mean, you didn't configure KDF-DO, which is required for
> Gnuk 2.2. I wonder if it's the case.
--------
KDF-DO is on and I get the same error
---------------------------------------------------------------
LinuxMint gnupg 2.4.4

gpg --card-edit
can't connect to 'socket:///home/yokosano/.gnupg/log-socket': Aucun fichier ou dossier de ce nom

Reader ...........: 1209:2440:FSIJ-2.2-43112959:0
Application ID ...: D276000124010200FFFE431129590000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43112959
Name of cardholder: [non positionné]
Language prefs ...: [non positionné]
Salutation .......:
URL of public key : [non positionné]
Login data .......: [non positionné]
Signature PIN ....: forcé
Key attributes ...: secp256k1 secp256k1 secp256k1
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: on
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: 24B4 8DE1 A850 0937 AB11  600E 8A17 68BE 0C7A 9021
      created ....: 2025-02-18 11:17:54
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/carte> admin
Les commandes d'administration sont permises

gpg/carte> generate
Faut-il faire une sauvegarde hors carte de la clef de chiffrement ? (O/n) n
Faut-il remplacer les clefs existantes ? (o/N) o
Veuillez noter que les configurations d'usine des codes personnels sont
   code personnel = « 123456 »     code personnel d'admin. = « 12345678 ».
Vous devriez les modifier avec la commande --change-pin
Veuillez indiquer le temps pendant lequel cette clef devrait être valable.
         0 = la clef n'expire pas
      <n>  = la clef expire dans n jours
      <n>w = la clef expire dans n semaines
      <n>m = la clef expire dans n mois
      <n>y = la clef expire dans n ans
Pendant combien de temps la clef est-elle valable ? (0) 10y
La clef expire le dim. 18 févr. 2035 09:57:37 CET
Est-ce correct ? (o/N) o
GnuPG doit construire une identité pour identifier la clef.
Nom réel : test1
Adresse électronique :
Commentaire :
Vous avez sélectionné cette identité :
    « test1 »
Changer le (N)om, le (C)ommentaire, l'(A)dresse électronique ou (O)ui/(Q)uitter ? O
Échec de génération de la clef : Conditions d'utilisation non satisfaites : used conditions not satisfied
---------------------------------------------------------------
>> - but, I can't generate keys with Curve 448, I get "Échec de génération
>> de la clef : Erreur de carte" : fail to generate key : board error
> Ah, Curve448 is not covered by the tests/ in Gnuk.
>
> It seems there is bugs around its private key size. Here is a fix (of today).
> Not tested yet.
>
> diff --git a/src/openpgp-do.c b/src/openpgp-do.c > index 2ad7853..2fc5aea 100644 > --- a/src/openpgp-do.c > +++ b/src/openpgp-do.c
> @@ -1340,7 +1340,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data, > else if (attr == ALGO_X448) > { > pubkey_len = prvkey_len; > - if (prvkey_len != 56) > + if (prvkey_len != 64) > return -1; > } > else > @@ -1583,14 +1583,15 @@ proc_key_import (const uint8_t *data, int len) > } > else if (attr == ALGO_X448) > { > - uint8_t priv[56]; > + uint8_t priv[64]; > > if (len - 12 != 56) > return 0; /* Error. */ > > memcpy (priv, data+12, 56); > + memset (priv+56, 0, 64-56); > ecdh_compute_public_x448 (pubkey, priv); > - r = gpg_do_write_prvkey (kk, priv, 56, keystring_admin, pubkey); > + r = gpg_do_write_prvkey (kk, priv, 64, keystring_admin, pubkey); > } > > if (r < 0) > @@ -2287,7 +2288,7 @@ gpg_do_keygen (uint8_t *buf) > enum kind_of_key kk = kkb_to_kk (kk_byte); > int attr = gpg_get_algo_attr (kk);; > int prvkey_len = gpg_get_algo_attr_key_size (kk, GPG_KEY_PRIVATE); > - const uint8_t *prv; > + uint8_t *prv; > const uint8_t *rnd; > int r = 0; > #define p_q (&buf[3]) > @@ -2359,6 +2360,8 @@ gpg_do_keygen (uint8_t *buf) > random_bytes_free (rnd); > prv = d; > ed448_compute_public (pubkey, prv); > + memset (prv+114, 0, 128-114); > + prvkey_len = 128; > pubkey[57] = 0; > } > else if (attr == ALGO_X448) 
> @@ -2369,6 +2372,8 @@ gpg_do_keygen (uint8_t *buf) > rnd = random_bytes_get (); > memcpy (d+32, rnd, 24); > prv = d; > + prvkey_len = 64; > + memset (prv+56, 0, 64-56); > ecdh_compute_public_x448 (pubkey, prv); > } > else
---------------------------------------------------------------
I tried your patch and I get an error too: board error
--------
gpg --expert --card-edit
can't connect to 'socket:///home/yokosano/.gnupg/log-socket': Aucun fichier ou dossier de ce nom

Reader ...........: 1209:2440:FSIJ-2.2-43112959:0
Application ID ...: D276000124010200FFFE431129590000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43112959
Name of cardholder: [non positionné]
Language prefs ...: [non positionné]
Salutation .......:
URL of public key : [non positionné]
Login data .......: [non positionné]
Signature PIN ....: forcé
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/carte> admin
Les commandes d'administration sont permises

gpg/carte> key-attr
Changing card key attribute for: Signature key
Sélectionnez le type de clef désiré :
   (1) RSA
   (2) ECC
Quel est votre choix ? 2
Sélectionnez le type de courbe elliptique désiré :
   (1) Curve 25519 *default*
   (2) Curve 448
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Quel est votre choix ? 2
The card will now be re-configured to generate a key of type: ed448
Note: There is no guarantee that the card supports the requested
      key type or size.  If the key generation does not succeed,
      please check the documentation of your card to see which
      key types and sizes are supported.
Changing card key attribute for: Encryption key
Sélectionnez le type de clef désiré :
   (1) RSA
   (2) ECC
Quel est votre choix ? 2
Sélectionnez le type de courbe elliptique désiré :
   (1) Curve 25519 *default*
   (2) Curve 448
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Quel est votre choix ? 2
The card will now be re-configured to generate a key of type: cv448
Changing card key attribute for: Authentication key
Sélectionnez le type de clef désiré :
   (1) RSA
   (2) ECC
Quel est votre choix ? 2
Sélectionnez le type de courbe elliptique désiré :
   (1) Curve 25519 *default*
   (2) Curve 448
   (3) NIST P-256
   (4) NIST P-384
   (5) NIST P-521
   (6) Brainpool P-256
   (7) Brainpool P-384
   (8) Brainpool P-512
   (9) secp256k1
Quel est votre choix ? 2
The card will now be re-configured to generate a key of type: ed448

gpg/carte> list

Reader ...........: 1209:2440:FSIJ-2.2-43112959:0
Application ID ...: D276000124010200FFFE431129590000
Application type .: OpenPGP
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 43112959
Name of cardholder: [non positionné]
Language prefs ...: [non positionné]
Salutation .......:
URL of public key : [non positionné]
Login data .......: [non positionné]
Signature PIN ....: forcé
Key attributes ...: ed448 cv448 ed448
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
KDF setting ......: off
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

gpg/carte> generate
Faut-il faire une sauvegarde hors carte de la clef de chiffrement ? (O/n)
Veuillez noter que les configurations d'usine des codes personnels sont
   code personnel = « 123456 »     code personnel d'admin. = « 12345678 ».
Vous devriez les modifier avec la commande --change-pin
Veuillez indiquer le temps pendant lequel cette clef devrait être valable.
         0 = la clef n'expire pas
      <n>  = la clef expire dans n jours
      <n>w = la clef expire dans n semaines
      <n>m = la clef expire dans n mois
      <n>y = la clef expire dans n ans
Pendant combien de temps la clef est-elle valable ? (0) 10y
La clef expire le mer. 21 févr. 2035 17:02:31 CET
Est-ce correct ? (o/N) o
GnuPG doit construire une identité pour identifier la clef.
Nom réel : test1
Adresse électronique :
Commentaire :
Vous avez sélectionné cette identité :
    « test1 »
Changer le (N)om, le (C)ommentaire, l'(A)dresse électronique ou (O)ui/(Q)uitter ? O
Échec de génération de la clef : Erreur de carte : board error
---------------------------------------------------------------
LinuxMint gnupg 2.4.4

I created X448 keys and tried to put them on Gnuk
---------------------------------
gpg --list-secret-keys
sec   ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire : 2075-02-11]
      Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48 D127D 4BA4E CAEB3 685B3 575E7
uid                  [  ultime ] tmp
ssb   cv448/0x406CC6562774BC84 2025-02-23 [E] [expire : 2075-02-11]
ssb   ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire : 2075-02-11]
---------------------------------
gpg --expert --edit-key 0xAA988F88C70C3DEE
gpg (GnuPG) 2.4.4; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

La clef secrète est disponible.

sec  ed448/0xAA988F88C70C3DEE
     créé : 2025-02-23  expire : 2075-02-11  utilisation : SC
     confiance : ultime        validité : ultime
ssb  cv448/0x406CC6562774BC84
     créé : 2025-02-23  expire : 2075-02-11  utilisation : E
ssb  ed448/0x02BB1F8E7A2B268A
     créé : 2025-02-23  expire : 2075-02-11  utilisation : A
[  ultime ] (1). tmp

gpg> keytocard
Faut-il vraiment déplacer la clef principale ? (o/N) o
Veuillez sélectionner l'endroit où stocker la clef :
   (1) Clef de signature
   (3) Clef d'authentification
Quel est votre choix ? 1
Faut-il remplacer la clef existante ? (o/N) o

sec  ed448/0xAA988F88C70C3DEE
     créé : 2025-02-23  expire : 2075-02-11  utilisation : SC
     confiance : ultime        validité : ultime
ssb  cv448/0x406CC6562774BC84
     créé : 2025-02-23  expire : 2075-02-11  utilisation : E
ssb  ed448/0x02BB1F8E7A2B268A
     créé : 2025-02-23  expire : 2075-02-11  utilisation : A
[  ultime ] (1). tmp

Note: the local copy of the secret key will only be deleted with "save".

gpg> key 1

sec  ed448/0xAA988F88C70C3DEE
     créé : 2025-02-23  expire : 2075-02-11  utilisation : SC
     confiance : ultime        validité : ultime
ssb* cv448/0x406CC6562774BC84
     créé : 2025-02-23  expire : 2075-02-11  utilisation : E
ssb  ed448/0x02BB1F8E7A2B268A
     créé : 2025-02-23  expire : 2075-02-11  utilisation : A
[  ultime ] (1). tmp

gpg> keytocard
Veuillez sélectionner l'endroit où stocker la clef :
   (2) Clef de chiffrement
Quel est votre choix ? 2
Faut-il remplacer la clef existante ? (o/N) o

sec  ed448/0xAA988F88C70C3DEE
     créé : 2025-02-23  expire : 2075-02-11  utilisation : SC
     confiance : ultime        validité : ultime
ssb* cv448/0x406CC6562774BC84
     créé : 2025-02-23  expire : 2075-02-11  utilisation : E
ssb  ed448/0x02BB1F8E7A2B268A
     créé : 2025-02-23  expire : 2075-02-11  utilisation : A
[  ultime ] (1). tmp

Note: the local copy of the secret key will only be deleted with "save".

gpg> key 1

sec  ed448/0xAA988F88C70C3DEE
     créé : 2025-02-23  expire : 2075-02-11  utilisation : SC
     confiance : ultime        validité : ultime
ssb  cv448/0x406CC6562774BC84
     créé : 2025-02-23  expire : 2075-02-11  utilisation : E
ssb  ed448/0x02BB1F8E7A2B268A
     créé : 2025-02-23  expire : 2075-02-11  utilisation : A
[  ultime ] (1). tmp

gpg> key 2

sec  ed448/0xAA988F88C70C3DEE
     créé : 2025-02-23  expire : 2075-02-11  utilisation : SC
     confiance : ultime        validité : ultime
ssb  cv448/0x406CC6562774BC84
     créé : 2025-02-23  expire : 2075-02-11  utilisation : E
ssb* ed448/0x02BB1F8E7A2B268A
     créé : 2025-02-23  expire : 2075-02-11  utilisation : A
[  ultime ] (1). tmp

gpg> keytocard
Veuillez sélectionner l'endroit où stocker la clef :
   (3) Clef d'authentification
Quel est votre choix ? 2
Choix incorrect.
Quel est votre choix ? 3
Faut-il remplacer la clef existante ? (o/N) o

sec  ed448/0xAA988F88C70C3DEE
     créé : 2025-02-23  expire : 2075-02-11  utilisation : SC
     confiance : ultime        validité : ultime
ssb  cv448/0x406CC6562774BC84
     créé : 2025-02-23  expire : 2075-02-11  utilisation : E
ssb* ed448/0x02BB1F8E7A2B268A
     créé : 2025-02-23  expire : 2075-02-11  utilisation : A
[  ultime ] (1). tmp

Note: the local copy of the secret key will only be deleted with "save".

gpg> key 2

sec  ed448/0xAA988F88C70C3DEE
     créé : 2025-02-23  expire : 2075-02-11  utilisation : SC
     confiance : ultime        validité : ultime
ssb  cv448/0x406CC6562774BC84
     créé : 2025-02-23  expire : 2075-02-11  utilisation : E
ssb  ed448/0x02BB1F8E7A2B268A
     créé : 2025-02-23  expire : 2075-02-11  utilisation : A
[  ultime ] (1). tmp

gpg> save
---------------------------------
The result with gpg --list-secret-keys is

sec#  ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire : 2075-02-11]
      Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48 D127D 4BA4E CAEB3 685B3 575E7
uid                  [  ultime ] tmp
ssb>  cv448/0x406CC6562774BC84 2025-02-23 [E] [expire : 2075-02-11]
ssb#  ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire : 2075-02-11]
--------
It seems that transfer of SC and A keys failed (# indicator). It succeeded with E key and I can encrypt and decrypt with it.
--------
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
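
The KEY-ATTR-INFO reply quoted earlier in this thread is the card's own per-slot algorithm list, unlike the key-attr menu, which offers every curve GnuPG knows. The script below is an added example, not code from the thread or from Gnuk: the function names (slot_algos, card_advertises, check_plan) are hypothetical, and the sample reply is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: compare the key attributes you plan to set with key-attr
# against the "S KEY-ATTR-INFO OPENPGP.<slot> <algo>" lines the card returns.

# Constructed sample: the reply quoted in the thread for the Blue Pill Plus board.
sample_key_attr_info() {
cat <<'EOF'
S KEY-ATTR-INFO OPENPGP.1 secp256k1
S KEY-ATTR-INFO OPENPGP.1 ed25519
S KEY-ATTR-INFO OPENPGP.1 ed448
S KEY-ATTR-INFO OPENPGP.2 secp256k1
S KEY-ATTR-INFO OPENPGP.2 cv25519
S KEY-ATTR-INFO OPENPGP.2 cv448
S KEY-ATTR-INFO OPENPGP.3 secp256k1
S KEY-ATTR-INFO OPENPGP.3 ed25519
S KEY-ATTR-INFO OPENPGP.3 ed448
OK
EOF
}

# slot_algos SLOT < reply : print the algorithms advertised for OPENPGP.SLOT.
slot_algos() {
    awk -v slot="OPENPGP.$1" '
        $1 == "S" && $2 == "KEY-ATTR-INFO" && $3 == slot {
            out = (out == "" ? $4 : out " " $4)
        }
        END { print out }'
}

# card_advertises SLOT ALGO < reply : exit 0 only if ALGO is listed for the slot.
card_advertises() {
    awk -v slot="OPENPGP.$1" -v algo="$2" '
        $1 == "S" && $2 == "KEY-ATTR-INFO" && $3 == slot && $4 == algo { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# check_plan "SIG ENC AUTH" < reply : one verdict per slot (1=signature,
# 2=encryption, 3=authentication); non-zero status if any algorithm is missing.
check_plan() {
    reply=$(cat)
    slot=1
    rc=0
    for algo in $1; do
        if printf '%s\n' "$reply" | card_advertises "$slot" "$algo"; then
            echo "OPENPGP.$slot $algo: advertised"
        else
            have=$(printf '%s\n' "$reply" | slot_algos "$slot")
            echo "OPENPGP.$slot $algo: NOT advertised (card lists: $have)"
            rc=1
        fi
        slot=$((slot + 1))
    done
    return "$rc"
}

# With a token attached, feed the live reply instead of the sample:
#   gpg-connect-agent "scd getattr KEY-ATTR-INFO" /bye | check_plan "ed25519 cv25519 ed25519"
sample_key_attr_info | check_plan "ed448 cv448 ed448"
```

A match only means the card advertises the algorithm: in this thread ed448 and cv448 are advertised, yet on-card generation still ended with a card error.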