From alexandre.esse.dev at gmail.com Thu Mar 6 23:47:15 2025 From: alexandre.esse.dev at gmail.com (Alexandre Esse) Date: Thu, 6 Mar 2025 23:47:15 +0100 Subject: [chopstx] Add support for Blue Pill Plus board Message-ID: Hello, Here is a short message to notify the mailing list that I proposed a merge request on chopstx: https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1 This is the first step to add gnuk support for Blue Pill Plus boards . Not sure if this is the way to contribute: looking forward to your feedback. Regards, Alexandre -------------- next part -------------- An HTML attachment was scrubbed... URL: From frederic.suel at free.fr Fri Mar 7 10:00:26 2025 From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=) Date: Fri, 7 Mar 2025 10:00:26 +0100 Subject: [chopstx] Add support for Blue Pill Plus board In-Reply-To: References: Message-ID: <08a19b9b-1db0-4da3-b1e9-9a69d26df2b3@free.fr> Ref : Post on the gnuk list : Fr?d?ric SUEL frederic.suel at free.fr Mon Feb 17 11:13:25 CET 2025 Hi, Thank you for your interest for this board. When i asked help about this board, i proposed a file board-blue-pill-plus-cb.h because this board exist with 4 arm processor and two riscv processors. I indicated cd because there is STM32F103C8T6 (64k)? and CBT6 (128k). To take care of 64K version, you have to add code in /gnuk/src/.configure. (see my post) For my blue-pilll-board stm32F103CB, i have #define BOARD_ID??? 0x1ba01477 (see my post). Perhaps your board is a STM32F103C6T6 board, i don't know why IDs are different For instance, i doesn't take care of ackbutton because there is a supplementary problem as PA0 is used for it's ADC and for entropy generation. I think you have to modify /gnuk/chopstx/contrib/adc-stm32ff103.c but i doesn't know how. ---- So i just created /gnuk/board/board-blue-pill-plus-cb.h, modified /gnuk/src/.configure to add definition of BLUE-PILL-PLLUS-CB and/**/chopstx/mcu/sys-stm31f103.h for my first tests and doesn't take care of ackbutton on PA0 I get : -- works fine with curve25519 : generation on the board and import on the board. -- impossibility to generate secp256k1 on the board even with KDF-DO activate as Niibe suggested (msg : used conditions not satisfied) -- impossibility to generate X448 on the board even with Niibe patch (msg : board error) -- impossibility to import X448 on the board. It seems to work but only encrypt key is on the board and works. The other keys are marked as # .? I get with gpg --list-secret-keys sec#? ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire?: 2075-02-11] Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48 D127D 4BA4E CAEB3 685B3 575E7 uid????????????????? [? ultime ] tmp ssb>? cv448/0x406CC6562774BC84 2025-02-23 [E] [expire?: 2075-02-11] ssb#? ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire?: 2075-02-11] ---- Can you precise what's work with your board ? Best regards Le 06/03/2025 ? 23:47, Alexandre Esse a ?crit?: > Hello, > > Here is a short message to notify the mailing list that I proposed a > merge request on chopstx: > https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1 > > This is the first step to add gnuk support for Blue Pill Plus boards > . > > Not sure if this is the way to contribute: looking forward to your > feedback. > > Regards, > Alexandre > > _______________________________________________ > Gnuk-users mailing list > Gnuk-users at gnupg.org > https://lists.gnupg.org/mailman/listinfo/gnuk-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From gniibe at fsij.org Thu Mar 13 03:26:25 2025 From: gniibe at fsij.org (NIIBE Yutaka) Date: Thu, 13 Mar 2025 11:26:25 +0900 Subject: Help with new board Blue Pill Plus with gnuk In-Reply-To: <8f50237d-a8a0-4888-9aa9-894a7c17c0eb@free.fr> References: <87ldu5tlmf.fsf@haruna.fsij.org> <2ae47c94-d61f-41c9-888a-6a58539ce7e9@free.fr> <87zfikkqgz.fsf@haruna.fsij.org> <588a227d-e52e-4436-b166-501cc4fb5268@free.fr> <87seo9kuh2.fsf@haruna.fsij.org> <8f50237d-a8a0-4888-9aa9-894a7c17c0eb@free.fr> Message-ID: <877c4tekdq.fsf@haruna.fsij.org> Fr?d?ric SUEL wrote: > I made more tests (see below) regards your comments and try to put 448 > keys on Gnuk too Thanks for your testing. I found a bug for Ed448 key and pushed fixes. Also, I added test cases for Ed448 and X448 under gnuk/tests. (I added the feature of supporting Ed448/X448 keys around 2019, but it was not covered by gnuk/tests. Apparently, it was broken after private key encryption method was changed. Ed448 private key is a bit different because its private key length is not even.) Latest commit is: 438d89db8dd927ebaa4e93c2149f8ef9879168de Yet, I haven't locate/identify-ed the problem of your secp256k1 key. -- From frederic.suel at free.fr Thu Mar 13 15:55:23 2025 From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=) Date: Thu, 13 Mar 2025 15:55:23 +0100 Subject: Gnuk on a new PC Message-ID: <18fcdfe2-3275-4e4c-8651-b616377e6ae8@free.fr> Hello, I try to install my old Gnuk key on fresh LinuxMint 22.1 install (based on Ubuntu 24.04) with gnupg 2.4.4/libcrypt 1.10.3? and in encountered some problems I read topics from January 2018 to now and don't find anything about that. --------------------------------------------------------------- My configuration with SSH support I follow Niibe guide : https://www.fsij.org/doc-gnuk/ - add scdaemon & gpa - create /etc/udev/rules.d/60-gnuk.rules (not packaged on ubuntu with scdaemon) - create gpg-agent.conf with enable-ssh-agent - stop ssh-agent and comment use-ssh-agent in /etc/X11/Xsession.options - add to my .bashrc ??? export GPG_TTY=$(tty) ??? gpg-connect-agent updatestartuptty /bye >/dev/null ??? unset SSH_AGENT_PID ??? if [ "${gnupg_SSH_AUTH_SOCK_by:-0}" -ne $$ ]; then ??? export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" ??? fi - import my public key with gpg --import publickey.asc - run gpg --card-status for recreate stubs. - with gpa change trust to ultimate NB : gnome-keyring is not install --------------------------------------------------------------- - I can see my gnuk key with lsusb - I can't see my subskeys with gpg --list-keys ??? gpg --list-keys ??? /home/tyty/.gnupg/pubring.kbx ??? ----------------------------- ??? pub?? rsa4096 2019-07-02 [C] [expir?e?: 2022-07-01] ?? ?????? 3AC88726F43C20286B77751A1FBE94346FAC9A31 ??? uid????????? [ expir?e ] yoko.san at free.fr - I can't see my subkeys with GPA - My subkeys are create in ~/.gnupg/private-keys-v1.d/ - When i run gpg --card-status or gpg-card i can see my privates keys as stubs ??? gpg --card-status ??? Reader ...........: 234B:0000:FSIJ-1.2.10-87195054:0 ??? ??? Application ID ...: D276000124010200FFFE871950540000 ??? Application type .: OpenPGP : 2.0 ??? Manufacturer .....: unmanaged S/N range ??? Serial number ....: 87195054 ?? ? of cardholder: Clef SSH ??? Language prefs ...: fr ??? Salutation .......: ??? URL of public key : [non positionn?] ??? Login data .......: [non positionn?] ??? Signature PIN ....: forc? ??? Key attributes ...: ed25519 cv25519 ed25519 ??? Max. PIN lengths .: 127 127 127 ??? PIN retry counter : 3 3 3 ??? ??? Signature counter : 11 KDF setting ......: off ?? ? key ....: D731 714E 624F D926 08F9? 6160 4CB3 0018 D47A 6367 ?? ?????? created ....: 2019-07-02 14:46:07 ??? Encryption key....: 2952 3ACD B92C 78A7 982D? ABE1 71F6 F98C A312 34FD ?? ?????? created ....: 2019-07-02 14:47:50 ??? Authentication key: B590 F576 B10A 6255 1795? 783A ABBB F6B4 F88A 354D ?? ?????? created ....: 2019-07-02 14:47:14 ??? General key info..: sub? ed25519/4CB30018D47A6367 2019-07-02 yoko.san at free.fr ??? sec#? rsa4096/1FBE94346FAC9A31? cr???: 2019-07-02? expire?: 2022-07-01 ??? ssb>? ed25519/4CB30018D47A6367? cr???: 2019-07-02 expire?: 2022-07-01 ?? ???????????????????????????????? n? de carte?: FFFE 87195054 ??? ssb>? ed25519/ABBBF6B4F88A354D? cr???: 2019-07-02 expire?: 2022-07-01 ?? ???????????????????????????????? n? de carte?: FFFE 87195054 ??? ssb>? cv25519/71F6F98CA31234FD? cr???: 2019-07-02 expire?: 2022-07-01 ?? ???????????????????????????????? n? de carte?: FFFE 87195054 --------------------------------------------------------------- Did i miss something ? Thank you for you help. Best regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexandre.esse.dev at gmail.com Thu Mar 13 19:52:45 2025 From: alexandre.esse.dev at gmail.com (Alexandre Esse) Date: Thu, 13 Mar 2025 19:52:45 +0100 Subject: [chopstx] Add support for Blue Pill Plus board In-Reply-To: <08a19b9b-1db0-4da3-b1e9-9a69d26df2b3@free.fr> References: <08a19b9b-1db0-4da3-b1e9-9a69d26df2b3@free.fr> Message-ID: Hello Fr?d?ric, Great, I didn't see you already did some integration developments on this board, I just joined the mailing list and didn't look extensively into the history. For now I only pushed the chopstx part but indeed, gnuk itself should also be updated. I also have the STM32F103CBT6 version of the board. (marked as v1.1 on the PCB: not sure what it means: I opened an Issue on github and send an email to WeAct support to get some info: https://github.com/WeActStudio/BluePill-Plus/issues/19) I have been testing both on the 1.2.20 branch and 2.2. But I guess I will stay on v2.2 for the rest of my tests. Here are the remaining tweaks I did on v2.2 ( de9652726b1ce52b21e939c6989dda0268b5c640) of gnuk to make it work: diff --git a/src/configure b/src/configure index 1188a72..4ff7d1a 100755 --- a/src/configure +++ b/src/configure @@ -130,6 +130,7 @@ Configuration: ST_NUCLEO_F103 NITROKEY_START BLUE_PILL + BLUE_PILL_PLUS STM8S_DISCOVERY CQ_STARM STM32_PRIMER2 @@ -164,7 +165,7 @@ MEMORY_SIZE=20 # Settings for TARGET case $target in -BLUE_PILL|STM8S_DISCOVERY) +BLUE_PILL|BLUE_PILL_PLUS|STM8S_DISCOVERY) # It's 64KB version of STM32F103, but actually has 128KB flash_override="-DSTM32F103_OVERRIDE_FLASH_SIZE_KB=128" ;; I haven't been testing "on-the-token" key generation. I only transferred to it from a host PC. I always had KDF-DO activated. The main issue I get is when I try to "reset" the token, it simply doesn't work but I haven't been investigating it. Also some PIN management's actions seem shaky (but there is a possibility that this is due to my lack of experience on gnuk tokens too). So for now, I tested the key with this kind of secret keys I get with 'gpg --list-secret-keys': sec> ed25519 2025-03-13 [SC] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Card serial no. = FFFF 00000000 uid [ultimate] Tmp Tmp ssb> cv25519 2025-03-13 [E] ssb> ed25519 2025-03-13 [A] I managed to sign, decrypt data and authenticate through ssh sessions with it. PB2 as LED is working and PA0 as ACK button is also working fine, I haven't seen any issue for these use-case in a week. Regards, Alexandre On Fri, 7 Mar 2025 at 10:00, Fr?d?ric SUEL wrote: > Ref : Post on the gnuk list : Fr?d?ric SUEL frederic.suel at free.fr Mon > Feb 17 11:13:25 CET 2025 > > Hi, > > Thank you for your interest for this board. > > When i asked help about this board, i proposed a file > board-blue-pill-plus-cb.h because this board exist with 4 arm processor and > two riscv processors. I indicated cd because there is STM32F103C8T6 (64k) > and CBT6 (128k). To take care of 64K version, you have to add code in > /gnuk/src/.configure. (see my post) > > For my blue-pilll-board stm32F103CB, i have #define BOARD_ID 0x1ba01477 (see > my post). Perhaps your board is a STM32F103C6T6 board, i don't know why IDs > are different > > For instance, i doesn't take care of ackbutton because there is a > supplementary problem as PA0 is used for it's ADC and for entropy > generation. I think you have to modify > /gnuk/chopstx/contrib/adc-stm32ff103.c but i doesn't know how. > > ---- > > So i just created /gnuk/board/board-blue-pill-plus-cb.h, modified > /gnuk/src/.configure to add definition of BLUE-PILL-PLLUS-CB and chopstx/mcu/sys-stm31f103.h > for my first tests and doesn't take care of ackbutton on PA0 > > I get : > > -- works fine with curve25519 : generation on the board and import on the > board. > > -- impossibility to generate secp256k1 on the board even with KDF-DO > activate as Niibe suggested (msg : used conditions not satisfied) > > -- impossibility to generate X448 on the board even with Niibe patch (msg > : board error) > > -- impossibility to import X448 on the board. It seems to work but only > encrypt key is on the board and works. The other keys are marked as # . I > get with gpg --list-secret-keys > > sec# ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire : 2075-02-11] > > Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48 D127D 4BA4E CAEB3 > 685B3 575E7 > > uid [ ultime ] tmp > > ssb> cv448/0x406CC6562774BC84 2025-02-23 [E] [expire : 2075-02-11] > > ssb# ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire : 2075-02-11] > > ---- > > Can you precise what's work with your board ? > > Best regards > > > > Le 06/03/2025 ? 23:47, Alexandre Esse a ?crit : > > Hello, > > Here is a short message to notify the mailing list that I proposed a merge > request on chopstx: > https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1 > > This is the first step to add gnuk support for Blue Pill Plus boards > . > > Not sure if this is the way to contribute: looking forward to your > feedback. > > Regards, > Alexandre > > _______________________________________________ > Gnuk-users mailing listGnuk-users at gnupg.orghttps://lists.gnupg.org/mailman/listinfo/gnuk-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gniibe at fsij.org Fri Mar 14 06:18:39 2025 From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 14 Mar 2025 14:18:39 +0900 Subject: [chopstx] Add support for Blue Pill Plus board In-Reply-To: References: Message-ID: <87plik42c0.fsf@haruna.fsij.org> Alexandre Esse wrote: > Here is a short message to notify the mailing list that I proposed a merge > request on chopstx: > https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1 > > This is the first step to add gnuk support for Blue Pill Plus boards > . > > Not sure if this is the way to contribute: looking forward to your feedback. Thank you, merged. Perhaps, it was not good to just push the "Merge" button on the web. It were good to cherry pick your change to make history straight. -- From gniibe at fsij.org Fri Mar 14 06:47:21 2025 From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 14 Mar 2025 14:47:21 +0900 Subject: Help with new board Blue Pill Plus with gnuk In-Reply-To: References: <87ldu5tlmf.fsf@haruna.fsij.org> <2ae47c94-d61f-41c9-888a-6a58539ce7e9@free.fr> <87zfikkqgz.fsf@haruna.fsij.org> <588a227d-e52e-4436-b166-501cc4fb5268@free.fr> <87seo9kuh2.fsf@haruna.fsij.org> Message-ID: <87msdo4106.fsf@haruna.fsij.org> Hello, Fr?d?ric SUEL wrote: > KDF-DO is on and i get the same error I re-read the log of your experiment. > --------------------------------------------------------------- > > LinuxMint gnupg 2.4.4 > > gpg --card-edit > can't connect to 'socket:///home/yokosano/.gnupg/log-socket': Aucun > fichier ou dossier de ce nom > > Reader ...........: 1209:2440:FSIJ-2.2-43112959:0 > Application ID ...: D276000124010200FFFE431129590000 > Application type .: OpenPGP > Version ..........: 2.0 > Manufacturer .....: unmanaged S/N range > Serial number ....: 43112959 > Name of cardholder: [non positionn?] > Language prefs ...: [non positionn?] > Salutation .......: > URL of public key : [non positionn?] > Login data .......: [non positionn?] > Signature PIN ....: forc? > Key attributes ...: secp256k1 secp256k1 secp256k1 > Max. PIN lengths .: 127 127 127 > PIN retry counter : 3 3 3 > Signature counter : 0 > KDF setting ......: on > UIF setting ......: Sign=off Decrypt=off Auth=off > Signature key ....: 24B4 8DE1 A850 0937 AB11? 600E 8A17 68BE 0C7A 9021 > ????? created ....: 2025-02-18 11:17:54 > Encryption key....: [none] > Authentication key: [none] > General key info..: [none] Here, you already have a signing key on your Gnuk Token, but don't have other keys. I think that this is the part of reasons why you encountered the failure when invoking "generate" after seeing this status message. IIUC, the initial failure had been already occurred at your preceeding experiment (which generated the signing key). And something went wrong. After the initial failure, next invokation of "generate" failed. Could you please try generating secp256k1 with factory-reset status of Gnuk Token? For me, it works (and it is covered by gnuk/tests). -- From gniibe at fsij.org Fri Mar 14 07:00:35 2025 From: gniibe at fsij.org (NIIBE Yutaka) Date: Fri, 14 Mar 2025 15:00:35 +0900 Subject: Gnuk on a new PC In-Reply-To: <18fcdfe2-3275-4e4c-8651-b616377e6ae8@free.fr> References: <18fcdfe2-3275-4e4c-8651-b616377e6ae8@free.fr> Message-ID: <87jz8s40e4.fsf@haruna.fsij.org> Hello, I don't understand what is your problem. Fr?d?ric SUEL wrote: > - import my public key with gpg --import publickey.asc Can you share this file with me? I don't think there is anything confidential in this file, since it's a public key file. And how about the output of the following command invocation? gpg -k 4CB30018D47A6367 -- From frederic.suel at free.fr Fri Mar 14 17:42:52 2025 From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=) Date: Fri, 14 Mar 2025 17:42:52 +0100 Subject: [chopstx] Add support for Blue Pill Plus board In-Reply-To: References: <08a19b9b-1db0-4da3-b1e9-9a69d26df2b3@free.fr> Message-ID: Hello, A lot of thanks for your work. See my observations /infra/. I hope it can help you. Best regards Le 13/03/2025 ? 19:52, Alexandre Esse a ?crit?: > Hello Fr?d?ric, > > Great, I didn't see you already did some integration developments on > this board, I just joined the mailing list and didn't look extensively > into the history. For now I only pushed the chopstx part but indeed, > gnuk itself should also be updated. > > I also have the STM32F103CBT6 version of the board. (marked as v1.1 on > the PCB: not sure what it means: I opened an Issue on github and send > an email to WeAct support to get some info: > https://github.com/WeActStudio/BluePill-Plus/issues/19) You can find the difference between V1.0 et V1.1 here : https://github.com/WeActStudio/WeActStudio.BluePill-Plus-CH32/tree/master/HDK It's for CH32 processor but the design of the boards are all the same. > > I have been testing both on the 1.2.20 branch and 2.2. But I guess I > will stay on v2.2 for the rest of my tests. > > Here are the remaining tweaks I did on v2.2 > (de9652726b1ce52b21e939c6989dda0268b5c640)of gnuk to make it work: > > diff --git a/src/configure b/src/configure > index 1188a72..4ff7d1a 100755 > --- a/src/configure > +++ b/src/configure > @@ -130,6 +130,7 @@ Configuration: > ? ? ? ? ? ? ? ? ? ? ? ? ? ?ST_NUCLEO_F103 > ? ? ? ? ? ? ? ? ? ? ? ? ? ?NITROKEY_START > ? ? ? ? ? ? ? ? ? ? ? ? ? ?BLUE_PILL > + ? ? ? ? ? ? ? ? ? ? ? ? ?BLUE_PILL_PLUS > ? ? ? ? ? ? ? ? ? ? ? ? ? ?STM8S_DISCOVERY > ? ? ? ? ? ? ? ? ? ? ? ? ? ?CQ_STARM > ? ? ? ? ? ? ? ? ? ? ? ? ? ?STM32_PRIMER2 > @@ -164,7 +165,7 @@ MEMORY_SIZE=20 > > ?# Settings for TARGET > ?case $target in > -BLUE_PILL|STM8S_DISCOVERY) > +BLUE_PILL|BLUE_PILL_PLUS|STM8S_DISCOVERY) > ? ?# It's 64KB version of STM32F103, but actually has 128KB > ? ?flash_override="-DSTM32F103_OVERRIDE_FLASH_SIZE_KB=128" > ? ?;; > There is STM32F103C6T6 (64K)? and CBT6 (128K), so i think your add relative to : # setting to target, is not necessary for CBT6 processor which have 128K memory. That's why i suggested to have multiple definition board to take care of different processor (arm and riscv) and different amount of memory > I haven't been testing "on-the-token" key generation. I only > transferred to it from a host PC. I always had KDF-DO activated. > The main issue I get is when I try to "reset" the token, it simply > doesn't work but I haven't been investigating it. > Also some PIN management's actions seem shaky (but there is a > possibility that this is due to my lack of experience on gnuk tokens too). > So for now, I tested the key with this kind of secret keys I get with > 'gpg --list-secret-keys': > sec> ?ed25519 2025-03-13 [SC] > ????? XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > ? ? ? Card serial no. = FFFF 00000000 > uid ? ? ? ? ? [ultimate] Tmp Tmp > ssb> ?cv25519 2025-03-13 [E] > ssb> ?ed25519 2025-03-13 [A] > I managed to sign, decrypt data and authenticate through ssh sessions > with it. > PB2 as LED is working and PA0 as ACK button is also working fine, I > haven't seen any issue for these use-case in a week. About ack button, it is on PA0 and PA0 is used for it's ADC function and entropy generation, so i think you have to modifiy /gnuk/chopstx/contrib/adc-stm32ff103.c in order to use an other pin for ADC than PA0 Entropy generation graph is explain on Niibe site here : https://www.gniibe.org/memo/development/gnuk/rng/neug.html You can see that PA0 and PA1 are used for their ADC. It's also indicate for example in board-fst-01-00.h file ?* PA0? - input with pull-up.? AN0 ?* PA1? - input with pull-up.? AN1 For Blue-Pill-Plus, button is connect to 3.3V (https://github.com/WeActStudio/BluePill-Plus/blob/master/HDK/BluePillPlus_V10_SchDoc.pdf) so i think you configure PA0 as input pull-down. I think all this change can interfere with good entropy generation. I see different cases of board in /gnuk/chopstx/contrib/adc-stm32ff103.c which seem to use different ADC pins but i don't really understand how. It's for that, i didn't take care of ackbutton to day. --------------------------------------------------------------- In your board file, you indicate id board : 0x49403d56. In mine, i indicate 0x1ba01477. I get this id with stlink program as core id. Can your tell me how you get your board id ? Fr?d?ric SUEL > > Regards, > Alexandre > > > > On Fri, 7 Mar 2025 at 10:00, Fr?d?ric SUEL wrote: > > Ref : Post on the gnuk list : Fr?d?ric SUEL frederic.suel at > free.fr Mon Feb 17 11:13:25 CET 2025 > > Hi, > > Thank you for your interest for this board. > > When i asked help about this board, i proposed a file > board-blue-pill-plus-cb.h because this board exist with 4 arm > processor and two riscv processors. I indicated cd because there > is STM32F103C8T6 (64k)? and CBT6 (128k). To take care of 64K > version, you have to add code in /gnuk/src/.configure. (see my post) > > For my blue-pilll-board stm32F103CB, i have #define BOARD_ID??? > 0x1ba01477 (see my post). Perhaps your board is a STM32F103C6T6 > board, i don't know why IDs are different > > For instance, i doesn't take care of ackbutton because there is a > supplementary problem as PA0 is used for it's ADC and for entropy > generation. I think you have to modify > /gnuk/chopstx/contrib/adc-stm32ff103.c but i doesn't know how. > > ---- > > So i just created /gnuk/board/board-blue-pill-plus-cb.h, modified > /gnuk/src/.configure to add definition of BLUE-PILL-PLLUS-CB > and/**/chopstx/mcu/sys-stm31f103.h for my first tests and doesn't > take care of ackbutton on PA0 > > I get : > > -- works fine with curve25519 : generation on the board and import > on the board. > > -- impossibility to generate secp256k1 on the board even with > KDF-DO activate as Niibe suggested (msg : used conditions not > satisfied) > > -- impossibility to generate X448 on the board even with Niibe > patch (msg : board error) > > -- impossibility to import X448 on the board. It seems to work but > only encrypt key is on the board and works. The other keys are > marked as # .? I get with gpg --list-secret-keys > > sec#? ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire?: 2075-02-11] > > Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48 D127D 4BA4E > CAEB3 685B3 575E7 > > uid????????????????? [? ultime ] tmp > > ssb>? cv448/0x406CC6562774BC84 2025-02-23 [E] [expire?: 2075-02-11] > > ssb#? ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire?: 2075-02-11] > > ---- > > Can you precise what's work with your board ? > > Best regards > > > > Le 06/03/2025 ? 23:47, Alexandre Esse a ?crit?: >> Hello, >> >> Here is a short message to notify the mailing list that I >> proposed a merge request on chopstx: >> https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1 >> >> This is the first step to add gnuk support for Blue Pill Plus >> boards . >> >> Not sure if this is the way to contribute: looking forward to >> your feedback. >> >> Regards, >> Alexandre >> >> _______________________________________________ >> Gnuk-users mailing list >> Gnuk-users at gnupg.org >> https://lists.gnupg.org/mailman/listinfo/gnuk-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexandre.esse.dev at gmail.com Fri Mar 14 18:10:17 2025 From: alexandre.esse.dev at gmail.com (Alexandre Esse) Date: Fri, 14 Mar 2025 18:10:17 +0100 Subject: [chopstx] Add support for Blue Pill Plus board In-Reply-To: References: <08a19b9b-1db0-4da3-b1e9-9a69d26df2b3@free.fr> Message-ID: Thank you for the merge! Also, thank you for these information Fr?d?ric: Following your comments, we can agree that my contribution should be updated to take into account the different variants of the "BP+": C6T6, CBT6 ... ? Is there somewhere in documentation we can keep track of the available and tested features of each board/token ? In order to generate the board ID, i run this command: ``` $ echo -n "Blue Pill Plus" | shasum -a 256 | sed -e 's/^.*\(........\) -$/\1/' ``` Which gave me: 0x49403d56 I will try to get into key generation and neug next and keep you up to date if I get anything relevant. Regards, Alexandre On Fri, 14 Mar 2025 at 17:42, Fr?d?ric SUEL wrote: > Hello, > > A lot of thanks for your work. > > See my observations *infra*. I hope it can help you. > > Best regards > Le 13/03/2025 ? 19:52, Alexandre Esse a ?crit : > > Hello Fr?d?ric, > > Great, I didn't see you already did some integration developments on this > board, I just joined the mailing list and didn't look extensively into the > history. For now I only pushed the chopstx part but indeed, gnuk itself > should also be updated. > > I also have the STM32F103CBT6 version of the board. (marked as v1.1 on > the PCB: not sure what it means: I opened an Issue on github and send an > email to WeAct support to get some info: > https://github.com/WeActStudio/BluePill-Plus/issues/19) > > You can find the difference between V1.0 et V1.1 here : > https://github.com/WeActStudio/WeActStudio.BluePill-Plus-CH32/tree/master/HDK > It's for CH32 processor but the design of the boards are all the same. > > > I have been testing both on the 1.2.20 branch and 2.2. But I guess I will > stay on v2.2 for the rest of my tests. > > Here are the remaining tweaks I did on v2.2 ( > de9652726b1ce52b21e939c6989dda0268b5c640) of gnuk to make it work: > > diff --git a/src/configure b/src/configure > index 1188a72..4ff7d1a 100755 > --- a/src/configure > +++ b/src/configure > @@ -130,6 +130,7 @@ Configuration: > ST_NUCLEO_F103 > NITROKEY_START > BLUE_PILL > + BLUE_PILL_PLUS > STM8S_DISCOVERY > CQ_STARM > STM32_PRIMER2 > @@ -164,7 +165,7 @@ MEMORY_SIZE=20 > > # Settings for TARGET > case $target in > -BLUE_PILL|STM8S_DISCOVERY) > +BLUE_PILL|BLUE_PILL_PLUS|STM8S_DISCOVERY) > # It's 64KB version of STM32F103, but actually has 128KB > flash_override="-DSTM32F103_OVERRIDE_FLASH_SIZE_KB=128" > ;; > > There is STM32F103C6T6 (64K) and CBT6 (128K), so i think your add > relative to : # setting to target, is not necessary for CBT6 processor > which have 128K memory. That's why i suggested to have multiple definition > board to take care of different processor (arm and riscv) and different > amount of memory > > I haven't been testing "on-the-token" key generation. I only transferred > to it from a host PC. I always had KDF-DO activated. > The main issue I get is when I try to "reset" the token, it simply doesn't > work but I haven't been investigating it. > Also some PIN management's actions seem shaky (but there is a possibility > that this is due to my lack of experience on gnuk tokens too). > So for now, I tested the key with this kind of secret keys I get with > 'gpg --list-secret-keys': > sec> ed25519 2025-03-13 [SC] > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX > Card serial no. = FFFF 00000000 > uid [ultimate] Tmp Tmp > ssb> cv25519 2025-03-13 [E] > ssb> ed25519 2025-03-13 [A] > I managed to sign, decrypt data and authenticate through ssh sessions with > it. > PB2 as LED is working and PA0 as ACK button is also working fine, I > haven't seen any issue for these use-case in a week. > > About ack button, it is on PA0 and PA0 is used for it's ADC function and > entropy generation, so i think you have to modifiy /gnuk/chopstx/contrib/adc-stm32ff103.c > in order to use an other pin for ADC than PA0 > > Entropy generation graph is explain on Niibe site here : > https://www.gniibe.org/memo/development/gnuk/rng/neug.html > > You can see that PA0 and PA1 are used for their ADC. It's also indicate > for example in board-fst-01-00.h file > > * PA0 - input with pull-up. AN0 > * PA1 - input with pull-up. AN1 > > For Blue-Pill-Plus, button is connect to 3.3V ( > https://github.com/WeActStudio/BluePill-Plus/blob/master/HDK/BluePillPlus_V10_SchDoc.pdf) > so i think you configure PA0 as input pull-down. I think all this change > can interfere with good entropy generation. I see different cases of board > in /gnuk/chopstx/contrib/adc-stm32ff103.c which seem to use different ADC > pins but i don't really understand how. It's for that, i didn't take care > of ackbutton to day. > > --------------------------------------------------------------- > > In your board file, you indicate id board : 0x49403d56. In mine, i > indicate 0x1ba01477. I get this id with stlink program as core id. Can your > tell me how you get your board id ? > > Fr?d?ric SUEL > > > Regards, > Alexandre > > > > On Fri, 7 Mar 2025 at 10:00, Fr?d?ric SUEL wrote: > >> Ref : Post on the gnuk list : Fr?d?ric SUEL frederic.suel at free.fr Mon >> Feb 17 11:13:25 CET 2025 >> >> Hi, >> >> Thank you for your interest for this board. >> >> When i asked help about this board, i proposed a file >> board-blue-pill-plus-cb.h because this board exist with 4 arm processor and >> two riscv processors. I indicated cd because there is STM32F103C8T6 (64k) >> and CBT6 (128k). To take care of 64K version, you have to add code in >> /gnuk/src/.configure. (see my post) >> >> For my blue-pilll-board stm32F103CB, i have #define BOARD_ID >> 0x1ba01477 (see my post). Perhaps your board is a STM32F103C6T6 board, i >> don't know why IDs are different >> >> For instance, i doesn't take care of ackbutton because there is a >> supplementary problem as PA0 is used for it's ADC and for entropy >> generation. I think you have to modify >> /gnuk/chopstx/contrib/adc-stm32ff103.c but i doesn't know how. >> >> ---- >> >> So i just created /gnuk/board/board-blue-pill-plus-cb.h, modified >> /gnuk/src/.configure to add definition of BLUE-PILL-PLLUS-CB and chopstx/mcu/sys-stm31f103.h >> for my first tests and doesn't take care of ackbutton on PA0 >> >> I get : >> >> -- works fine with curve25519 : generation on the board and import on the >> board. >> >> -- impossibility to generate secp256k1 on the board even with KDF-DO >> activate as Niibe suggested (msg : used conditions not satisfied) >> >> -- impossibility to generate X448 on the board even with Niibe patch (msg >> : board error) >> >> -- impossibility to import X448 on the board. It seems to work but only >> encrypt key is on the board and works. The other keys are marked as # . I >> get with gpg --list-secret-keys >> >> sec# ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire : 2075-02-11] >> >> Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48 D127D 4BA4E CAEB3 >> 685B3 575E7 >> >> uid [ ultime ] tmp >> >> ssb> cv448/0x406CC6562774BC84 2025-02-23 [E] [expire : 2075-02-11] >> >> ssb# ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire : 2075-02-11] >> >> ---- >> >> Can you precise what's work with your board ? >> >> Best regards >> >> >> >> Le 06/03/2025 ? 23:47, Alexandre Esse a ?crit : >> >> Hello, >> >> Here is a short message to notify the mailing list that I proposed a >> merge request on chopstx: >> https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1 >> >> This is the first step to add gnuk support for Blue Pill Plus boards >> . >> >> Not sure if this is the way to contribute: looking forward to your >> feedback. >> >> Regards, >> Alexandre >> >> _______________________________________________ >> Gnuk-users mailing listGnuk-users at gnupg.orghttps://lists.gnupg.org/mailman/listinfo/gnuk-users >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From frederic.suel at free.fr Fri Mar 14 18:53:49 2025 From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=) Date: Fri, 14 Mar 2025 18:53:49 +0100 Subject: [chopstx] Add support for Blue Pill Plus board In-Reply-To: References: <08a19b9b-1db0-4da3-b1e9-9a69d26df2b3@free.fr> Message-ID: <11c75ab9-6934-4b8c-a6ef-d64fe9d79643@free.fr> Hi Alexandre, Thank you for your explanation. I haven't understood that board id was just a hash of the name give to the board in board.h ! For Blue Pill Plus board, i have just begin to adapt gnuk for CBT6 board. But i can give you some information about the different boards. * RISCV Board (CH32V) : https://github.com/WeActStudio/WeActStudio.BluePill-Plus-CH32 ??? Available here : https://fr.aliexpress.com/item/1005001474741936.html ??? Processors characteristics here : https://www.wch.cn/products/productsCenter/mcuInterface?categoryId=70 * ARM boards ??? ** APM32F103CBT6 : https://github.com/WeActStudio/WeActStudio.BluePill-Plus-APM32/ ??? ** GD32F103CBT6 : https://github.com/WeActStudio/WeActStudio.BluePill-Plus-GD32/ ??? ** CH32F103C8T6 : https://github.com/WeActStudio/BluePill-Plus/ ??? Available here : https://fr.aliexpress.com/item/1005001474741936.html ??? **STM32F103C8T6 and CBT6 : https://github.com/WeActStudio/BluePill-Plus/ ??? Available here : https://fr.aliexpress.com/item/1005006110046576.html Regards Fr?d?ric Le 14/03/2025 ? 18:10, Alexandre Esse a ?crit?: > Thank you for the merge! > > Also, thank you for these information Fr?d?ric: Following your > comments, we can agree that my contribution should be updated to take > into account the different variants of the "BP+": C6T6, CBT6 ... ? > > Is there somewhere in documentation we can keep track of the available > and tested features of each board/token ? > > In order to generate the board ID, i run this command: > ``` > $ echo -n "Blue Pill Plus" | shasum -a 256 | sed -e 's/^.*\(........\) > ?-$/\1/' > ``` > Which gave me: 0x49403d56 > > I will try to get into key generation and neug next and keep you up to > date if I get anything relevant. > > Regards, > Alexandre > > On Fri, 14 Mar 2025 at 17:42, Fr?d?ric SUEL wrote: > > Hello, > > A lot of thanks for your work. > > See my observations /infra/. I hope it can help you. > > Best regards > > Le 13/03/2025 ? 19:52, Alexandre Esse a ?crit?: >> Hello Fr?d?ric, >> >> Great, I didn't see you already did some integration developments >> on this board, I just joined the mailing list and didn't look >> extensively into the history. For now I only pushed the chopstx >> part but indeed, gnuk itself should also be updated. >> >> I also have the STM32F103CBT6 version of the board. (marked as >> v1.1 on the PCB: not sure what it means: I opened an Issue on >> github and send an email to WeAct support to get some info: >> https://github.com/WeActStudio/BluePill-Plus/issues/19) > You can find the difference between V1.0 et V1.1 here : > https://github.com/WeActStudio/WeActStudio.BluePill-Plus-CH32/tree/master/HDK > It's for CH32 processor but the design of the boards are all the same. >> >> I have been testing both on the 1.2.20 branch and 2.2. But I >> guess I will stay on v2.2 for the rest of my tests. >> >> Here are the remaining tweaks I did on v2.2 >> (de9652726b1ce52b21e939c6989dda0268b5c640)of gnuk to make it work: >> >> diff --git a/src/configure b/src/configure >> index 1188a72..4ff7d1a 100755 >> --- a/src/configure >> +++ b/src/configure >> @@ -130,6 +130,7 @@ Configuration: >> ? ? ? ? ? ? ? ? ? ? ? ? ? ?ST_NUCLEO_F103 >> ? ? ? ? ? ? ? ? ? ? ? ? ? ?NITROKEY_START >> ? ? ? ? ? ? ? ? ? ? ? ? ? ?BLUE_PILL >> + ? ? ? ? ? ? ? ? ? ? ? ? ?BLUE_PILL_PLUS >> ? ? ? ? ? ? ? ? ? ? ? ? ? ?STM8S_DISCOVERY >> ? ? ? ? ? ? ? ? ? ? ? ? ? ?CQ_STARM >> ? ? ? ? ? ? ? ? ? ? ? ? ? ?STM32_PRIMER2 >> @@ -164,7 +165,7 @@ MEMORY_SIZE=20 >> >> ?# Settings for TARGET >> ?case $target in >> -BLUE_PILL|STM8S_DISCOVERY) >> +BLUE_PILL|BLUE_PILL_PLUS|STM8S_DISCOVERY) >> ? ?# It's 64KB version of STM32F103, but actually has 128KB >> ?flash_override="-DSTM32F103_OVERRIDE_FLASH_SIZE_KB=128" >> ? ?;; >> > There is STM32F103C6T6 (64K)? and CBT6 (128K), so i think your add > relative to : # setting to target, is not necessary for CBT6 > processor which have 128K memory. That's why i suggested to have > multiple definition board to take care of different processor (arm > and riscv) and different amount of memory >> I haven't been testing "on-the-token" key generation. I only >> transferred to it from a host PC. I always had KDF-DO activated. >> The main issue I get is when I try to "reset" the token, it >> simply doesn't work but I haven't been investigating it. >> Also some PIN management's actions seem shaky (but there is a >> possibility that this is due to my lack of experience on gnuk >> tokens too). >> So for now, I tested the key with this kind of secret keys I get >> with 'gpg --list-secret-keys': >> sec> ?ed25519 2025-03-13 [SC] >> ????? XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX >> ? ? ? Card serial no. = FFFF 00000000 >> uid ? ? ? ? ? [ultimate] Tmp Tmp >> ssb> ?cv25519 2025-03-13 [E] >> ssb> ?ed25519 2025-03-13 [A] >> I managed to sign, decrypt data and authenticate through ssh >> sessions with it. >> PB2 as LED is working and PA0 as ACK button is also working fine, >> I haven't seen any issue for these use-case in a week. > > About ack button, it is on PA0 and PA0 is used for it's ADC > function and entropy generation, so i think you have to modifiy > /gnuk/chopstx/contrib/adc-stm32ff103.c in order to use an other > pin for ADC than PA0 > > Entropy generation graph is explain on Niibe site here : > https://www.gniibe.org/memo/development/gnuk/rng/neug.html > > You can see that PA0 and PA1 are used for their ADC. It's also > indicate for example in board-fst-01-00.h file > > ?* PA0? - input with pull-up. AN0 > ?* PA1? - input with pull-up.? AN1 > > For Blue-Pill-Plus, button is connect to 3.3V > (https://github.com/WeActStudio/BluePill-Plus/blob/master/HDK/BluePillPlus_V10_SchDoc.pdf) > so i think you configure PA0 as input pull-down. I think all this > change can interfere with good entropy generation. I see different > cases of board in /gnuk/chopstx/contrib/adc-stm32ff103.c which > seem to use different ADC pins but i don't really understand how. > It's for that, i didn't take care of ackbutton to day. > > --------------------------------------------------------------- > > In your board file, you indicate id board : 0x49403d56. In mine, i > indicate 0x1ba01477. I get this id with stlink program as core id. > Can your tell me how you get your board id ? > > Fr?d?ric SUEL > >> >> Regards, >> Alexandre >> >> >> >> On Fri, 7 Mar 2025 at 10:00, Fr?d?ric SUEL >> wrote: >> >> Ref : Post on the gnuk list : Fr?d?ric SUEL frederic.suel at >> free.fr Mon Feb 17 11:13:25 CET 2025 >> >> Hi, >> >> Thank you for your interest for this board. >> >> When i asked help about this board, i proposed a file >> board-blue-pill-plus-cb.h because this board exist with 4 arm >> processor and two riscv processors. I indicated cd because >> there is STM32F103C8T6 (64k)? and CBT6 (128k). To take care >> of 64K version, you have to add code in /gnuk/src/.configure. >> (see my post) >> >> For my blue-pilll-board stm32F103CB, i have #define BOARD_ID >> 0x1ba01477 (see my post). Perhaps your board is a >> STM32F103C6T6 board, i don't know why IDs are different >> >> For instance, i doesn't take care of ackbutton because there >> is a supplementary problem as PA0 is used for it's ADC and >> for entropy generation. I think you have to modify >> /gnuk/chopstx/contrib/adc-stm32ff103.c but i doesn't know how. >> >> ---- >> >> So i just created /gnuk/board/board-blue-pill-plus-cb.h, >> modified /gnuk/src/.configure to add definition of >> BLUE-PILL-PLLUS-CB and/**/chopstx/mcu/sys-stm31f103.h for my >> first tests and doesn't take care of ackbutton on PA0 >> >> I get : >> >> -- works fine with curve25519 : generation on the board and >> import on the board. >> >> -- impossibility to generate secp256k1 on the board even with >> KDF-DO activate as Niibe suggested (msg : used conditions not >> satisfied) >> >> -- impossibility to generate X448 on the board even with >> Niibe patch (msg : board error) >> >> -- impossibility to import X448 on the board. It seems to >> work but only encrypt key is on the board and works. The >> other keys are marked as # .? I get with gpg --list-secret-keys >> >> sec#? ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire?: >> 2075-02-11] >> >> Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48 D127D >> 4BA4E CAEB3 685B3 575E7 >> >> uid????????????????? [? ultime ] tmp >> >> ssb>? cv448/0x406CC6562774BC84 2025-02-23 [E] [expire?: >> 2075-02-11] >> >> ssb#? ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire?: >> 2075-02-11] >> >> ---- >> >> Can you precise what's work with your board ? >> >> Best regards >> >> >> >> Le 06/03/2025 ? 23:47, Alexandre Esse a ?crit?: >>> Hello, >>> >>> Here is a short message to notify the mailing list that I >>> proposed a merge request on chopstx: >>> https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1 >>> >>> This is the first step to add gnuk support for Blue Pill >>> Plus boards . >>> >>> Not sure if this is the way to contribute: looking forward >>> to your feedback. >>> >>> Regards, >>> Alexandre >>> >>> _______________________________________________ >>> Gnuk-users mailing list >>> Gnuk-users at gnupg.org >>> https://lists.gnupg.org/mailman/listinfo/gnuk-users >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From frederic.suel at free.fr Fri Mar 14 20:16:09 2025 From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=) Date: Fri, 14 Mar 2025 20:16:09 +0100 Subject: Gnuk on a new PC In-Reply-To: <87jz8s40e4.fsf@haruna.fsij.org> References: <18fcdfe2-3275-4e4c-8651-b616377e6ae8@free.fr> <87jz8s40e4.fsf@haruna.fsij.org> Message-ID: Hello, Sorry, i forgot to give you the result of gpg --list-secret-keys /home/tyty/.gnupg/pubring.kbx ----------------------------- sec#? rsa4096 2019-07-02 [C] [expir?e?: 2022-07-01] 3AC88726F43C20286B77751A1FBE94346FAC9A31 uid????????? [ expir?e ] yoko.san at free.fr ---- It's the same as gpg --list-keys /home/tyty/.gnupg/pubring.kbx ----------------------------- pub?? rsa4096 2019-07-02 [C] [expir?e?: 2022-07-01] 3AC88726F43C20286B77751A1FBE94346FAC9A31 uid????????? [ expir?e ] yoko.san at free.fr --- And the same as gpg -k 4CB30018D47A6367 tyty at tyty-HP-ProBook-4545s:~$ gpg -k 4CB30018D47A6367 pub?? rsa4096 2019-07-02 [C] [expir?e?: 2022-07-01] 3AC88726F43C20286B77751A1FBE94346FAC9A31 uid????????? [ expir?e ] yoko.san at free.fr --- It seems that gpg doesn't see my subkeys but gpg --card-edit does. NB : my public key is joined to the message. Best regards Le 14/03/2025 ? 07:00, NIIBE Yutaka a ?crit?: > Hello, > > I don't understand what is your problem. > > Fr?d?ric SUEL wrote: >> - import my public key with gpg --import publickey.asc > Can you share this file with me? I don't think there is anything > confidential in this file, since it's a public key file. > > And how about the output of the following command invocation? > > gpg -k 4CB30018D47A6367 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: yokosan.pub Type: application/vnd.ms-publisher Size: 4349 bytes Desc: not available URL: From frederic.suel at free.fr Fri Mar 14 20:30:49 2025 From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=) Date: Fri, 14 Mar 2025 20:30:49 +0100 Subject: Help with new board Blue Pill Plus with gnuk In-Reply-To: <87msdo4106.fsf@haruna.fsij.org> References: <87ldu5tlmf.fsf@haruna.fsij.org> <2ae47c94-d61f-41c9-888a-6a58539ce7e9@free.fr> <87zfikkqgz.fsf@haruna.fsij.org> <588a227d-e52e-4436-b166-501cc4fb5268@free.fr> <87seo9kuh2.fsf@haruna.fsij.org> <87msdo4106.fsf@haruna.fsij.org> Message-ID: <2d679aa7-1538-4ae9-86c0-4ad3a36e6fdc@free.fr> Hello, I made the tests with new LinuxMint 22.1 installation and i confirme it works fine (see /infra/) --- gpg/carte> list Reader ...........: 1209:2440:FSIJ-2.2-43112959:0 Application ID ...: D276000124010200FFFE431129590000 Application type .: OpenPGP Version ..........: 2.0 Manufacturer .....: unmanaged S/N range Serial number ....: 43112959 Name of cardholder: [non positionn?] Language prefs ...: [non positionn?] Salutation .......: URL of public key : [non positionn?] Login data .......: [non positionn?] Signature PIN ....: forc? Key attributes ...: secp256k1 secp256k1 secp256k1 Max. PIN lengths .: 127 127 127 PIN retry counter : 3 3 3 Signature counter : 4 KDF setting ......: on UIF setting ......: Sign=off Decrypt=off Auth=off Signature key ....: 769F 09AB 8B40 BA12 C73E? 1284 7F59 F36C F2C7 C507 ????? created ....: 2025-03-14 19:19:01 Encryption key....: 53A1 A60F E6B7 39E7 CEA7? 68BD 1C84 504F 5B74 140D ????? created ....: 2025-03-14 19:19:01 Authentication key: E0F8 D976 EBE7 54B1 D146? 9D2D 39CB 6D6D B249 9987 ????? created ....: 2025-03-14 19:19:01 General key info..: pub? secp256k1/7F59F36CF2C7C507 2025-03-14 tmp sec>? secp256k1/7F59F36CF2C7C507 cr???: 2025-03-14? expire?: 2035-03-12 ????????????????????????????????? n? de carte?: FFFE 43112959 ssb>? secp256k1/39CB6D6DB2499987 cr???: 2025-03-14? expire?: 2035-03-12 ????????????????????????????????? n? de carte?: FFFE 43112959 ssb>? secp256k1/1C84504F5B74140D cr???: 2025-03-14? expire?: 2035-03-12 ????????????????????????????????? n? de carte?: FFFE 43112959 gpg/carte> quit pub?? secp256k1 2025-03-14 [SC] [expire?: 2035-03-12] 769F09AB8B40BA12C73E12847F59F36CF2C7C507 uid????????????????????? tmp sub?? secp256k1 2025-03-14 [A] [expire?: 2035-03-12] sub?? secp256k1 2025-03-14 [E] [expire?: 2035-03-12] tyty at tyty-HP-ProBook-4545s:~$ --- But i sould have a problem of configuration with my old PC under LinuxMint 22.1 (same OS) because i always get the same error : signature failed : used conditions not satisfied. So i will make all my new tests under my fresh installation before post. Thank you for your tests and help. Best regards. Le 14/03/2025 ? 06:47, NIIBE Yutaka a ?crit?: > Hello, > > Fr?d?ric SUEL wrote: >> KDF-DO is on and i get the same error > I re-read the log of your experiment. > >> --------------------------------------------------------------- >> >> LinuxMint gnupg 2.4.4 >> >> gpg --card-edit >> can't connect to 'socket:///home/yokosano/.gnupg/log-socket': Aucun >> fichier ou dossier de ce nom >> >> Reader ...........: 1209:2440:FSIJ-2.2-43112959:0 >> Application ID ...: D276000124010200FFFE431129590000 >> Application type .: OpenPGP >> Version ..........: 2.0 >> Manufacturer .....: unmanaged S/N range >> Serial number ....: 43112959 >> Name of cardholder: [non positionn?] >> Language prefs ...: [non positionn?] >> Salutation .......: >> URL of public key : [non positionn?] >> Login data .......: [non positionn?] >> Signature PIN ....: forc? >> Key attributes ...: secp256k1 secp256k1 secp256k1 >> Max. PIN lengths .: 127 127 127 >> PIN retry counter : 3 3 3 >> Signature counter : 0 >> KDF setting ......: on >> UIF setting ......: Sign=off Decrypt=off Auth=off >> Signature key ....: 24B4 8DE1 A850 0937 AB11? 600E 8A17 68BE 0C7A 9021 >> ????? created ....: 2025-02-18 11:17:54 >> Encryption key....: [none] >> Authentication key: [none] >> General key info..: [none] > Here, you already have a signing key on your Gnuk Token, but don't have > other keys. > > I think that this is the part of reasons why you encountered the failure > when invoking "generate" after seeing this status message. > > IIUC, the initial failure had been already occurred at your preceeding > experiment (which generated the signing key). And something went wrong. > After the initial failure, next invokation of "generate" failed. > > Could you please try generating secp256k1 with factory-reset status of > Gnuk Token? For me, it works (and it is covered by gnuk/tests). > -------------- next part -------------- An HTML attachment was scrubbed... URL: From frederic.suel at free.fr Fri Mar 14 21:22:01 2025 From: frederic.suel at free.fr (=?UTF-8?B?RnLDqWTDqXJpYyBTVUVM?=) Date: Fri, 14 Mar 2025 21:22:01 +0100 Subject: Gnuk on a new PC : problem solved but i don't known how In-Reply-To: References: <18fcdfe2-3275-4e4c-8651-b616377e6ae8@free.fr> <87jz8s40e4.fsf@haruna.fsij.org> Message-ID: Hello, The fact that i create cecp256k1 keys on my Blue Pill Plus, change the result of gpg -k 4CB30018D47A6367 command. Now i can see mu subkeys and i don't known why i can't see them before. --------------------------------------------------------------- ?gpg -k 4CB30018D47A6367 gpg: enabled compatibility flags: gpg: utilisation du mod?le de confiance pgp gpg: Remarque?: la clef de signature 1FBE94346FAC9A31 a expir? le 2022-07-01 14:42:48 gpg: Remarque?: la clef de signature 4CB30018D47A6367 a expir? le 2022-07-01 14:46:07 gpg: Remarque?: la clef de signature 1FBE94346FAC9A31 a expir? le 2022-07-01 14:42:48 gpg: Remarque?: la clef de signature 1FBE94346FAC9A31 a expir? le 2022-07-01 14:42:48 pub?? rsa4096 2019-07-02 [C] [expir?e?: 2022-07-01] 3AC88726F43C20286B77751A1FBE94346FAC9A31 uid????????? [ expir?e ] yoko.san at free.fr sub?? ed25519 2019-07-02 [S] [expir?e?: 2022-07-01] sub?? ed25519 2019-07-02 [A] [expir?e?: 2022-07-01] sub?? cv25519 2019-07-02 [E] [expir?e?: 2022-07-01] --------------------------------------------------------------- Did i miss some command ? Best regards --------------------------------------------------------------- Le 14/03/2025 ? 20:16, Fr?d?ric SUEL a ?crit?: > > Hello, > > Sorry, i forgot to give you the result of gpg --list-secret-keys > > /home/tyty/.gnupg/pubring.kbx > ----------------------------- > sec#? rsa4096 2019-07-02 [C] [expir?e?: 2022-07-01] > > 3AC88726F43C20286B77751A1FBE94346FAC9A31 > > uid????????? [ expir?e ] yoko.san at free.fr > > ---- > > It's the same as gpg --list-keys > > /home/tyty/.gnupg/pubring.kbx > ----------------------------- > pub?? rsa4096 2019-07-02 [C] [expir?e?: 2022-07-01] > > 3AC88726F43C20286B77751A1FBE94346FAC9A31 > > uid????????? [ expir?e ] yoko.san at free.fr > > --- > > And the same as gpg -k 4CB30018D47A6367 > > tyty at tyty-HP-ProBook-4545s:~$ gpg -k 4CB30018D47A6367 > > pub?? rsa4096 2019-07-02 [C] [expir?e?: 2022-07-01] > > 3AC88726F43C20286B77751A1FBE94346FAC9A31 > > uid????????? [ expir?e ] yoko.san at free.fr > > --- > > It seems that gpg doesn't see my subkeys but gpg --card-edit does. > > NB : my public key is joined to the message. > > Best regards > > Le 14/03/2025 ? 07:00, NIIBE Yutaka a ?crit?: >> Hello, >> >> I don't understand what is your problem. >> >> Fr?d?ric SUEL wrote: >>> - import my public key with gpg --import publickey.asc >> Can you share this file with me? I don't think there is anything >> confidential in this file, since it's a public key file. >> >> And how about the output of the following command invocation? >> >> gpg -k 4CB30018D47A6367 > > _______________________________________________ > Gnuk-users mailing list > Gnuk-users at gnupg.org > https://lists.gnupg.org/mailman/listinfo/gnuk-users -------------- next part -------------- An HTML attachment was scrubbed... URL: