20171005-gnupg-ccid-card-daemon-UbuntuPhone

Daniel Villarreal youcanlinux at gmail.com
Fri Oct 13 18:44:01 CEST 2017



re:
https://www.gnupg.org/blog/20171005-gnupg-ccid-card-daemon-UbuntuPhone.html

Matthias, I appreciate your doing this tutorial. You put a lot of
effort into it. I'm wanting to make some suggestions. Please forgive
me if I'm misunderstanding anything.

Cheers,
Daniel Villarreal



The device root file system is for good reason mounted read-only. I.e.
one can not just install any other piece of software into it.

could perhaps be...

The device root file system is mounted read-only for good reason, i.e.
one can not just install any other software in it.





The way used here is an additional Linux system inside the phones
system and chroot-ing into it for the to be installed software, and
later calling the software from outside the chroot'ed file system.

could be perhaps...

The method used here is an additional Linux system inside the phone's
system and chrooting into it to install this software, and later
calling the software from outside the chrooted file system.




The second occurrence of phablet should not be formatted.




I have created there an additional directory /home/phablet/myRoot and
below this untar'ed a complete Debian based Linux. How to do this is
described in a small Gitbook about the BQ E4.5.

could be perhaps...

I have created there an additional directory /home/phablet/myRoot and
below this untarred a complete Debian based Linux. How to do this is
described in this article, i.e. Gitbook about the BQ E4.5.





In the following text as naming convention the shell prompt $ means,
we are in the phones file system and something like
root@ubuntu-phablet:/# or phablet@ubuntu-phablet:~$ means, we are in
the chroot'ed file system, best to understand with these commands:

could be perhaps...

The shell prompt "$" indicates that we are in the phone's file system.
Conversely, something similar to "root@ubuntu-phablet:/#" or
"phablet@ubuntu-phablet:~$" indicates that we are in the phone's
chrooted file system. To illustrate:






pass is a small password-storage manager which we will later use for
our GnuPG encrypted tree of password, for example for websites or any
other purpose, bank account PIN, …

could be perhaps...

Pass is a small password-storage manager, which we will use for our
GnuPG encrypted tree of password, e.g., for websites or any other
purpose, bank account PIN ...






Now in the phone system we configure for GnuPG the following config
files:

could be perhaps...

Now in the phone system we configure the following config files for
GnuPG:





Due to the nature of the installation in the chroot'ed system we need
small wrapper scripts to set PATH, LD_LIBRARY_PATH, … and other stuff;

could be perhaps...

Due to the nature of the installation in the chrooted system, we need
small wrapper scripts to set PATH, LD_LIBRARY_PATH, etc.;




run and create for test a key pair (later we want to use the OpenPGP
card key pair for instead of this)

could be perhaps...

run and create a key pair to test (later we'll use the OpenPGP card
key pair instead)




Now we can use the 'pass' command we installed in the chroot'es system
with

could be perhaps...

Now we can use the 'pass' command we installed in the chrooted system
with






Question: Why is there an asterisk after the prompt at the end of
pass.sh ?





Init the pass storage as:

could be perhaps...

Initialize the pass storage as:





Insert some password for test:

could be perhaps...

Insert a random password to test:



Final step is getting support for the OpenPGP card. We need the
'pcscd' daemon. Its build is a bit tricky because it must later, on
start from outside the chroot'ed syste, find the ccid driver.

could be perhaps...

Final step is getting support for the OpenPGP card. We need the pcscd
daemon. Its build is a bit tricky because it must later find the ccid
driver, upon commencing from outside of the chrooted system.



We compile the following pieces inside the chroot'ed system:

could be perhaps...

We compile the following components inside the chrooted system:





ok, now the 'ccid' driver, installed (copied) to be seen by the daemon:

could be perhaps...

Now install the ccid driver:



the driver libccid.so and its control file Info.plist ended up as
configured in:

could be perhaps...

The libccid.so driver and its control file Info.plist are configured in:




Now we start in the phone the pcscd daemon as:

could be perhaps...

Now we start the pcscd daemon as:





Now we removed /home/phablet/.gnupg (saving the *.conf files) and
copied over from my real netbook the /.password-store and the key
material for the OpenPGP card; let's see if 'pass' can unlock the card
(via the gpg-agent) and decipher the crypted information (uncrypted
shown here as XXXXXXXX-XXXXXX). The gpg-agent will first ask for the
card to be inserted and then for its PIN.

could be perhaps...

I removed /home/phablet/.gnupg (after saving the *.conf files) and
copied over from my real netbook the /.password-store and the key
material for the OpenPGP card; let's see if 'pass' can unlock the card
(via the gpg-agent) and decipher the encrypted information
(unencrypted shown here as XXXXXXXX-XXXXXX). The gpg-agent will first
ask for the card to be inserted, and then for its PIN.




-- 
Daniel Villarreal
http://www.youcanlinux.org
youcanlinux at gmail.com
PGP key 2F6E 0DC3 85E2 5EC0 DA03  3F5B F251 8938 A83E 7B49
https://pgp.mit.edu/pks/lookup?op=get&search=0xF2518938A83E7B49
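The tutorial passages quoted above only mention the "small wrapper scripts to set PATH, LD_LIBRARY_PATH" that let a chroot-installed program such as pass be called from the phone's own shell. The script below is an added illustration of that mechanism, written for this post; it is not the blog's pass.sh. It assumes the Debian tree sits under /home/phablet/myRoot (the path the post quotes), an armhf library directory layout, and that GnuPG's config files stay under /home/phablet/.gnupg on the phone side.

```shell
#!/bin/sh
# Added example of a wrapper like the ones the tutorial mentions; it is not
# the blog's pass.sh. Assumes the Debian tree is under /home/phablet/myRoot
# (path from the post) and, as an assumption, an armhf library layout.
CHROOT="${CHROOT:-/home/phablet/myRoot}"

# PATH and LD_LIBRARY_PATH that point only into the chroot tree, so the
# program resolves the Debian libraries rather than the phone's own.
chroot_path() {
    printf '%s\n' "$1/usr/local/bin:$1/usr/bin:$1/bin"
}
chroot_ldpath() {
    printf '%s\n' "$1/usr/local/lib:$1/usr/lib:$1/lib:$1/lib/arm-linux-gnueabihf"
}

# Locate the requested program inside the tree. It deliberately never
# falls back to the phone's PATH, so a missing install fails instead of
# silently running some other binary of the same name.
resolve_in_chroot() {
    for d in "$2/usr/local/bin" "$2/usr/bin" "$2/bin"; do
        if [ -x "$d/$1" ]; then
            printf '%s\n' "$d/$1"
            return 0
        fi
    done
    return 1
}

# Run a chroot-installed program from the phone's shell with the chroot
# environment set. GNUPGHOME stays on the phone side, where the tutorial
# keeps its gpg.conf / gpg-agent.conf.
run_wrapped() {
    prog=$1
    shift
    bin=$(resolve_in_chroot "$prog" "$CHROOT") || {
        echo "$prog: not installed under $CHROOT" >&2
        return 127
    }
    PATH="$(chroot_path "$CHROOT")" \
    LD_LIBRARY_PATH="$(chroot_ldpath "$CHROOT")" \
    GNUPGHOME="${GNUPGHOME:-/home/phablet/.gnupg}" \
    "$bin" "$@"
}

# Invoked as "sh wrapper.sh pass show websites/example" when given arguments.
if [ $# -gt 0 ]; then
    run_wrapped "$@"
fi
```

Because the wrapper never falls back to the phone's PATH, a typo in the chroot location shows up as an explicit error rather than as the wrong binary running with the wrong libraries.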