[Gnuk-users] factory-reset
NIIBE Yutaka
gniibe at fsij.org
Wed Oct 12 01:49:47 UTC 2016
Hello, Jan,
Thank you for your comment.
On 10/11/2016 04:58 PM, Jan Suhr wrote:
> If in the future we ship the more attractive Gnuk 1.2 I'm afraid that
> even more users will block their device. From my perspective it would be
> much better if Gnuk behaves like original OpenPGP Card which can be
> factory-reset without any PIN. Of course you have your good reasons to
> built Gnuk as it is. Perhaps it would be a solution to provide a
> compilation option to enable/disable device reset?
I understand your point:
In the use case of distributing Gnuk for other users (who have no
experience), it is the most common failure mode.
OK, I'll add the factory reset feature of OpenPGP card to Gnuk with
compile-time option. Enabling the option is up to those who compile
Gnuk to flash into a device. A (power) user can upgrade the firmware
by herself (with the feature disabled).
Personally, I also have a reason to introduce this compile-time
feature: I don't know how we can remove keys from original OpenPGP
card, other than by the factory reset. Factory reset would be a
common way removing keys (if card/token support this).
> Alternatively: I don't know the end-to-end use case for the reset code.
> Is it desired for enterprise scenarios where the company provides Gnuk
> devices to their employee? What I have in mind is: Would it be an option
> to change reset code so that it could trigger a factory-reset?
I don't recommend the reset code for that purpose. It will be
considered an easy backdoor to hijack the control of the card.
In theory, it is possible for a factory to register a public key of
RSA-2048 into Gnuk Token, so that locked card can be upgraded to new
firmware (removing all secret). I thought that this could be an
alternative to the factory reset, but it would be difficult to manage
such a key, in practice, under the condition of the code is under GNU
GPLv3.
Please note that we also need to modify GnuPG to support factory-reset
command for Gnuk Token, it is not supported now. Well, I will, too.
--
More information about the gnuk-users
mailing list