Gnuk version 0.12

NIIBE Yutaka gniibe at
Fri May 13 05:15:51 CEST 2011


Gnuk version 0.12 is out.

Gnuk is software implementation of a USB token for GNU Privacy Guard.
Gnuk supports OpenPGP card protocol version 2, and it runs on STM32

Highlights are (in gnuk-0.12/NEWS):

* Admin-less mode is supported

  The OpenPGP card specification assumes existence of a security
  officer (admin), who has privilege to manage the card.  On the other
  hand, many use cases of Gnuk are admin == user.

  Thus, Gnuk now supports "admin-less" mode.  In this mode, user can
  get privilege with the password of PW1.

  At the initialization of the card, Gnuk becomes compatible mode by
  setting PW3.  Without setting PW3, it becomes "admin-less" mode
  by setting PW1.

* tool/ now uses pyscard

  Instead of PyUSB, it uses Python binding of PC/SC.  PyUSB version is
  still available as tool/

* Logo for Gnuk is updated

* Gnuk Sticker SVG is available

And we have FAQ now (in gnuk-0.12/README):

Q0: How Gnuk USB Token is superior than other solutions (OpenPGP
    card 2.0, GPF Crypto Stick, etc) ?
A0: IMRHO, not quite.  There is no ready-to-use out-of-box product.
    (It is welcome for me that some vendor will manufacture Gnuk USB
     Token.  Even I can help design of hardware, if needed.)
    Good points are:
    * If you have skill of electronics and like DIY, you can build
      Gnuk Token cheaper (see Q8-A8).
    * You can study Gnuk to modify and to enhance.  For example, you
      can implement your own authentication method with some sensor
      such as acceleration sensor.
    * It is "of Free Software"; Gnuk is distributed under GPLv3+,
            "by Free Software"; Gnuk development requires only Free Software
	    	                (GNU Toolchain, Python, etc.), 
	    "for Free Software"; Gnuk supports GnuPG.

Q1: What's kind of key algorithm is supported?
A1: Gnuk only supports 2048-bit RSA.

Q2: How long does it take for digital signing?
A2: It takes two seconds or so. 

Q3: What's your recommendation for target board?
A3: Orthodox choice is Olimex STM32-H103.
    If you have skill of electronics and like DIY, STM32 part of STM8S
    Discovery Kit might be the best choice.

Q4: What's version of GnuPG are you using?
A4: In Debian GNU/Linux system, I use gnupg 1.4.11-3 and gnupg-agent
    2.0.14-2 (in sid).  With older versions, you can only sign with SHA1.

Q5: What's version of pcscd and libccid are you using?
A5: In Debian GNU/Linux system, I use pcscd 1.5.5-4 and libccid 1.3.11-2,
    which is in squeeze.  Note that you need to edit /etc/libccid_Info.plist
    when using libccid (< 1.4.1).

Q6: What kinds of hardware is required for development?
A6: You need a target board plus a JTAG debugger.  If you just want to
    test Gnuk for target boards with DfuSe, JTAG debugger is not
    the requirement.  Note that for real use, you need JTAG debugger
    to enable flash ROM protection.

Q7: How much does it cost?
A7: Olimex STM32-H103 plus ARM-USB-TINY-H cost 70 Euro or so.

Q8: How much does it cost for DIY version?
A8: STM8S Discovery Kit costs 750 JPY (< $10 USD) only.  You can build
    your own JTAG debugger using FTDI2232 module (1450 JPY), see:

Q9: I got an error like "gpg: selecting openpgp failed: ec=6.108", what's up?
A9: GnuPG's SCDaemon has problems for handling insertion/removal of
    card/reader (problems are fixed in trunk).  When your newly
    inserted token is not found by GnuPG, try killing scdaemon and let
    it to be invoked again.  I do:
      $ killall -9 scdaemon
    and confirm scdaemon doesn't exist, then,
      $ gpg-connect-agent learn /bye

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20110513/c1ce65b3/attachment.pgp>

More information about the Gnupg-devel mailing list