Gnuk 1.1.1

NIIBE Yutaka gniibe at fsij.org
Thu Dec 26 01:32:42 CET 2013


Hello,

Development version of Gnuk 1.1.1 was released.

Gnuk is an implementation of Cryptographic Token for GnuPG, and it
runs on STM32F103.

This is experimental version, with new thread library.  While I have
been using Gnuk 1.0.1 for about 1.5 year, this version is not used
much.  It has been only tested with the test suite.  Basically, this
version is for developers.

It is better to stay with stable Gnuk 1.0.x for normal case.  But, for
Japanese people who like bleeding edge, I'm doing a little campaign of
FST-01 wit Gnuk 1.1.1 (only ten or so):

    http://www.gniibe.org/shop/gnuk_1_1_x-on-fst-01 (in Japanese)

RSA computation routine is updated and improved, too.  Major change is
from upstream PolarSSL 1.2.10 (against timing attack), but we don't
use RSA blinding for Gnuk.  Instead, I fixed all timing differences of
original PolarSSL, carefully and correctly.  During this change,
memory consumption and speed are improved a bit.

Note that the risk by such an attack is not that huge if you follow a
general practice of Gnuk Token (inserting the token only when used,
and unattended use (for days) couldn't occur), in the first place.
Therefore, we don't urge Gnuk 1.0.x users to upgrade 1.1.0 as security
upgrade.

To handle the risk of unattended use, card insertion/removal simulation
feature is added, but this is also experimental, too.

This version include the source code of Elliptic Curve Cryptography
and the NIST curve P256.  It is not enabled, because no one would use
it.  When enabled, you can use the key of ECC with SSH and development
version of GnuPG 2.1.x.  I had thought that this were the new feature
of 2013, but, well, life is hard.  I will implement a different curve
next year.


Here are the list of changes (in 1.1.0 and 1.1.1).

* Overriding key import / generation (Incompatible Change)

  Gnuk supports overriding key import or key generation even if keys are
  already installed.  Note that it will result password reset of user.

* RSA key generation improvement

  Prime number generation is done by Fouque-Tibouchi method.

* Security fix for RSA computation 

  PolarSSL had a vulnerability against timing attack.  For detail,
  please see:

  http://www.gniibe.org/memo/development/gnuk/polarssl/polarssl-rsa-blinding

* Improved RSA routine

  RSA computation has been improved using MPI square routine.  Note that
  you should not adopt this modification for general purpose computer,
  as this change is weak against the Yarom/Falkner flush+reload cache
  side-channel attack.

  Working memory for RSA computation is taken from stack instead of
  malloc (mostly).

* Upgrade of NeuG

  The true random number generator was upgraded to the one of NeuG 1.0.

* Replacement of kernel (thread library)

  Instead of ChibiOS/RT, we now use Chopstx.

* Removal of obsolete features

  The feature named pin-dial, which is pin input with hardware
  enhancement (with rotary encoder) is removed.

* Tools and test suite now work with PyUSB 1.0, too.

  It only worked with PyUSB 0.4.3, but it works with PyUSB 1.0 too.


Links:

Gnuk Documentation:
    http://www.fsij.org/doc-gnuk/

Gnuk Repository:
    http://gitorious.org/gnuk/

FST-01 introduction:
    http://www.seeedstudio.com/wiki/index.php?title=FST-01

FST-01 Gnuk Handbook (in Japanese);
    http://no-passwd.net/fst-01-gnuk-handbook/


Happy Hacking and Happy Holidays.

Enjoy,
-- 






More information about the Gnupg-devel mailing list