<div dir="ltr">One of the nice things now is that I can put a 4096 bit key on the card, yay:<br><br>   $ gpg --card-status<br><br>   Reader ...........: 234B:0000:FSIJ-1.2.1-87022326:0<br>   Application ID ...: D276000124010200FFFE870223260000<br>   Version ..........: 2.0<br>   Manufacturer .....: unmanaged S/N range<br>   Serial number ....: 87022326<br>   Name of cardholder: [not set]<br>   Language prefs ...: [not set]<br>   Sex ..............: unspecified<br>   URL of public key : [not set]<br>   Login data .......: [not set]<br>   Signature PIN ....: forced<br>   Key attributes ...: rsa4096 rsa4096 rsa4096<br>   Max. PIN lengths .: 127 127 127<br>   PIN retry counter : 3 3 3<br>   Signature counter : 0<br>   Signature key ....: 0313 DBD0 D566 DC77 B512 6E29 7DE2 DB5D 739F B6A1<br>         created ....: 2016-09-07 18:50:09<br>   Encryption key....: A714 891F 3B61 0259 E777 195F 10DC C90E 0BA9 3D29<br>         created ....: 2016-09-07 18:50:09<br>   Authentication key: 0313 DBD0 D566 DC77 B512 6E29 7DE2 DB5D 739F B6A1<br>         created ....: 2016-09-07 18:50:09<br>   General key info..: pub rsa4096/0x7DE2DB5D739FB6A1 2016-09-07 fst01 121 test (test) <<a href="mailto:remy@remy.nl">remy@remy.nl</a>><br>   sec> rsa4096/0x7DE2DB5D739FB6A1 created: 2016-09-07 expires: 2016-10-07<br>                                     card-no: FFFE 87022326<br>   ssb> rsa4096/0x10DCC90E0BA93D29 created: 2016-09-07 expires: 2016-10-07<br>                                     card-no: FFFE 87022326<br><br><br>Generating the key on the card fails however:<br><br>   $ gpg --card-edit<br><br>   Reader ...........: 234B:0000:FSIJ-1.2.1-87022326:0<br>   Application ID ...: D276000124010200FFFE870223260000<br>   Version ..........: 2.0<br>   Manufacturer .....: unmanaged S/N range<br>   Serial number ....: 87022326<br>   Name of cardholder: [not set]<br>   Language prefs ...: [not set]<br>   Sex ..............: unspecified<br>   URL of public key : [not set]<br>   Login data .......: [not 
set]<br>   Signature PIN ....: forced<br>   Key attributes ...: rsa4096 rsa4096 rsa4096<br>   Max. PIN lengths .: 127 127 127<br>   PIN retry counter : 3 3 3<br>   Signature counter : 0<br>   Signature key ....: [none]<br>   Encryption key....: [none]<br>   Authentication key: [none]<br>   General key info..: [none]<br><br>   gpg/card> admin<br>   Admin commands are allowed<br><br>   gpg/card> generate<br>   Make off-card backup of encryption key? (Y/n) n<br><br>   Please note that the factory settings of the PINs are<br>      PIN = '123456'    Admin PIN = '12345678'<br>   You should change them using the command --change-pin<br><br>   What keysize do you want for the Signature key? (4096)<br>   What keysize do you want for the Encryption key? (4096)<br>   What keysize do you want for the Authentication key? (4096)<br>   Please specify how long the key should be valid.<br>            0 = key does not expire<br>         <n> = key expires in n days<br>         <n>w = key expires in n weeks<br>         <n>m = key expires in n months<br>         <n>y = key expires in n years<br>   Key is valid for? (0)<br>   Key does not expire at all<br>   Is this correct? (y/N) y<br><br>   GnuPG needs to construct a user ID to identify your key.<br><br>   Real name: Remy FST-01 test 4096<br>   Email address: <a href="mailto:remy@example.com">remy@example.com</a><br>   Comment: yay 121<br>   You selected this USER-ID:<br>       "Remy FST-01 test 4096 (yay 121) <<a href="mailto:remy@example.com">remy@example.com</a>>"<br><br>   Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? 
O<br>   gpg: key generation failed: Card error<br>   Key generation failed: Card error<br><br>(I did try to generate the key on the card first, then placed the key on the card.)<br><br>But still, very awesome :D<br></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><br><br><a href="https://raymii.org" target="_blank">https://raymii.org</a><br></div></div>
<br><div class="gmail_quote">On Wed, Sep 7, 2016 at 8:27 PM, Remy van Elst <span dir="ltr"><<a href="mailto:relst@relst.nl" target="_blank">relst@relst.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I received the two FST_01's I ordered (without case, sadly) and it seems the upgrade via usb (password script) does work there, on my first try actually.<br><br>The configure:<br><br>   ./configure --target=FST_01 --vidpid="234b:0000"<br><br>Then the other regular make and for regnual the same.<br><br>I was hoping it would fail on the FST_01 as well because that would mean it might be a hardware issue. But it seems it is actually an issue with the Nitrokey Start hardware. I'm still waiting for the STM devices, yay for long shipping.<br><br>Before the upgrade:<br><br>   $ python2 usb_strings.py <br>   Device: <br>       Vendor: Free Software Initiative of Japan<br>      Product: FSIJ USB Token<br>       Serial: FSIJ-1.0.1-87022326<br>     Revision: release/1.0.1<br>       Config: FST_01:dfu=no:debug=no:pinpad=<wbr>no:certdo=yes:keygen=yes<br>          Sys: 1.0<br><br>   $ gpg --card-status<br>   Reader ...........: 234B:0000:FSIJ-1.0.1-87022326:<wbr>0<br>   Application ID ...: D276000124010200FFFE8702232600<wbr>00<br>   Version ..........: 2.0<br>   Manufacturer .....: unmanaged S/N range<br>   Serial number ....: 87022326<br>   Name of cardholder: [not set]<br>   Language prefs ...: [not set]<br>   Sex ..............: unspecified<br>   URL of public key : [not set]<br>   Login data .......: [not set]<br>   Signature PIN ....: forced<br>   Key attributes ...: rsa2048 rsa2048 rsa2048<br>   Max. 
PIN lengths .: 127 127 127<br>   PIN retry counter : 3 3 3<br>   Signature counter : 0<br>   Signature key ....: [none]<br>   Encryption key....: [none]<br>   Authentication key: [none]<br>   General key info..: [none]<br><br><br>Upgrade:<br><br>   $ python2 ./upgrade_by_passwd.py -f ../regnual/regnual.bin ../src/build/gnuk.bin <br>   ../regnual/regnual.bin: 4412<br>   ../src/build/gnuk.bin: 110592<br>   CRC32: 303d2f62<span class=""><br><br>   Device: <br>   Configuration: 1<br>   Interface: 0<br>   20001400:20004a00<br>   Downloading flash upgrade program...<br>   start 20001400<br>   end  20002500<br>   Run flash upgrade program...<br>   Wait 1 seconds...<br>   Device: <br>   08001000:08020000<br>   Downloading the program<br>   start 08001000<br>   end  0801b000<br><br></span>After the upgrade:<br><br>   $ python2 usb_strings.py <br>   Device: <br>       Vendor: Free Software Initiative of Japan<br>      Product: Gnuk Token<br>       Serial: FSIJ-1.2.1-87022326<br>     Revision: release/1.2.1-1-g2b784cb-<wbr>modified<br>       Config: FST_01:dfu=no:debug=no:pinpad=<wbr>no:certdo=no<br>          Sys: 1.0<br><br>dmesg during the upgrade and after:<br><br>   [ 294.977933] thinkpad_acpi: EC reports that Thermal Table has changed<br>   [ 726.481249] usb 1-1.1: new full-speed USB device number 3 using ehci-pci<br>   [ 1408.628722] usb 1-1.1: USB disconnect, device number 3<br>   [ 1412.817498] usb 2-1.2: new full-speed USB device number 4 using ehci-pci<br>   [ 1461.011520] usb 2-1.2: USB disconnect, device number 4<br>   [ 1464.014677] usb 2-1.2: new full-speed USB device number 5 using ehci-pci<br>   [ 1469.705384] usb 2-1.2: USB disconnect, device number 5<br>   [ 1469.893972] usb 2-1.2: new full-speed USB device number 6 using ehci-pci<br><br><br>GPG still works:<br><br>   [20:20:18] [remy@gateway] [ ~ ]<br>   $ gpg --card-status<br>   Reader ...........: 234B:0000:FSIJ-1.2.1-87022326:<wbr>0<br>   Application ID ...: D276000124010200FFFE8702232600<wbr>00<br>   
Version ..........: 2.0<br>   Manufacturer .....: unmanaged S/N range<br>   Serial number ....: 87022326<br>   Name of cardholder: [not set]<br>   Language prefs ...: [not set]<br>   Sex ..............: unspecified<br>   URL of public key : [not set]<br>   Login data .......: [not set]<br>   Signature PIN ....: forced<br>   Key attributes ...: rsa2048 rsa2048 rsa2048<br>   Max. PIN lengths .: 127 127 127<br>   PIN retry counter : 3 3 3<br>   Signature counter : 0<br>   Signature key ....: [none]<br>   Encryption key....: [none]<br>   Authentication key: [none]<br>   General key info..: [none]<br><br><br>So now let's hope I get the bricked Nitrokeys working again with the STM device so that we can further debug them.<br></div><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature"><br><br><a href="https://raymii.org" target="_blank">https://raymii.org</a><br></div></div><div><div class="h5">
<br><div class="gmail_quote">On Wed, Aug 24, 2016 at 3:51 AM, NIIBE Yutaka <span dir="ltr"><<a href="mailto:gniibe@fsij.org" target="_blank">gniibe@fsij.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
Thanks for further experiment with Nitrokey Start.<br>
<div><div><br>
On 08/24/2016 02:26 AM, Remy van Elst wrote:<br>
> $ python2 ./upgrade_by_passwd.py ../regnual/regnual.bin<br>
> ../src/build/gnuk.bin<br>
> Admin password:<br>
> ../regnual/regnual.bin: 4372<br>
> ../src/build/gnuk.bin: 110592<br>
> CRC32: 8d82b2df<br>
><br>
> Device:<br>
> Configuration: 1<br>
> Interface: 0<br>
> 20001400:20004a00<br>
> Downloading flash upgrade program...<br>
> start 20001400<br>
> end  20002500<br>
> Run flash upgrade program...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
> Wait 1 seconds...<br>
><br>
><br>
> This goes on and on and on. Here's the dmesg output:<br>
><br>
> dmesg -wH<br>
> [  +2.755257] usb 1-1.1: new full-speed USB device number 4 using ehci-pci<br>
> [  +2.755257] usb 1-1.1: new full-speed USB device number 4 using ehci-pci<br>
> [ +17.034260] usb 1-1-port1: disabled by hub (EMI?), re-enabling...<br>
> [  +0.000008] usb 1-1.1: USB disconnect, device number 4<br>
> [  +0.188718] usb 1-1.1: new low-speed USB device number 5 using ehci-pci<br>
> [  +0.066661] usb 1-1.1: device descriptor read/64, error -32<br>
> [  +0.170001] usb 1-1.1: device descriptor read/64, error -32<br>
> [  +0.173339] usb 1-1.1: new low-speed USB device number 6 using ehci-pci<br>
> [  +0.066655] usb 1-1.1: device descriptor read/64, error -32<br>
> [  +0.169995] usb 1-1.1: device descriptor read/64, error -32<br>
> [  +0.173326] usb 1-1.1: new low-speed USB device number 7 using ehci-pci<br>
> [  +0.406782] usb 1-1.1: device not accepting address 7, error -32<br>
> [  +0.069870] usb 1-1.1: new low-speed USB device number 8 using ehci-pci<br>
> [  +0.406659] usb 1-1.1: device not accepting address 8, error -32<br>
> [  +0.000199] usb 1-1-port1: unable to enumerate USB device<br>
<br>
</div></div>So, reGNUal doesn't work well on the device (USB does not work).<br>
<span><br>
> I also have ordered two FST-01 without case, to see if the upgrade works<br>
> there. If that is the case, there might be a nitrokey issue. If not, then I<br>
> hope my STM adapter comes in soon to restore these devices and see if the<br>
> upgrade works via the stm.<br>
><br>
> I still have the nitrokey plugged in, lights blinking. If someone has some<br>
> magic USB scripts or so, I'll leave it plugged in as long as it goes.<br>
<br>
</span>I think that there is no way to recover, as USB seems not to be working.<br>
<br>
For your information, I show my session log with FST-01.<br>
<br>
I inserted FST-01 with Gnuk 1.0.1 on my PC.<br>
<br>
==============================<wbr>=========== my session log<br>
$ pwd<br>
/home/gniibe/work/gnuk-1.2.1<br>
$ cd src<br>
$ ./configure --vidpid=234b:0000<br>
Header file is: board-fst-01.h<br>
Debug option disabled<br>
Configured for bare system (no-DFU)<br>
PIN pad option disabled<br>
CERT.3 Data Object is NOT supported<br>
Card insert/removal by HID device is NOT supported<br>
$ cd ..<br>
$ lsusb -d 234b:0000 -v<br>
<br>
Bus 001 Device 004: ID 234b:0000<br>
Device Descriptor:<br>
 bLength        18<br>
 bDescriptorType     1<br>
 bcdUSB        1.10<br>
 bDeviceClass      0 (Defined at Interface level)<br>
 bDeviceSubClass     0<br>
 bDeviceProtocol     0<br>
 bMaxPacketSize0    64<br>
 idVendor      0x234b<br>
 idProduct     0x0000<br>
 bcdDevice      2.00<br>
 iManufacturer      1 Free Software Initiative of Japan<br>
 iProduct        2 FSIJ USB Token<br>
 iSerial         3 FSIJ-1.0.1-50FF6E06<br>
 bNumConfigurations   1<br>
 Configuration Descriptor:<br>
  bLength         9<br>
  bDescriptorType     2<br>
  wTotalLength      86<br>
  bNumInterfaces     1<br>
  bConfigurationValue   1<br>
  iConfiguration     0<br>
  bmAttributes     0x80<br>
   (Bus Powered)<br>
  MaxPower       100mA<br>
  Interface Descriptor:<br>
   bLength         9<br>
   bDescriptorType     4<br>
   bInterfaceNumber    0<br>
   bAlternateSetting    0<br>
   bNumEndpoints      2<br>
   bInterfaceClass    11 Chip/SmartCard<br>
   bInterfaceSubClass   0<br>
   bInterfaceProtocol   0<br>
   iInterface       0<br>
   ChipCard Interface Descriptor:<br>
    bLength        54<br>
    bDescriptorType    33<br>
    bcdCCID       1.10 (Warning: Only accurate for version 1.0)<br>
    nMaxSlotIndex      0<br>
    bVoltageSupport     1 5.0V<br>
    dwProtocols       2 T=1<br>
    dwDefaultClock    3571<br>
    dwMaxiumumClock   3571<br>
    bNumClockSupported   1<br>
    dwDataRate      9600 bps<br>
    dwMaxDataRate    9600 bps<br>
    bNumDataRatesSupp.   1<br>
    dwMaxIFSD       254<br>
    dwSyncProtocols 00000000<br>
    dwMechanical   00000000<br>
    dwFeatures    00020842<br>
     Auto configuration based on ATR<br>
     Auto parameter negotation made by CCID<br>
     Short APDU level exchange<br>
    dwMaxCCIDMsgLen    271<br>
    bClassGetResponse  echo<br>
    bClassEnvelope    echo<br>
    wlcdLayout      none<br>
    bPINSupport       0<br>
    bMaxCCIDBusySlots    1<br>
   Endpoint Descriptor:<br>
    bLength         7<br>
    bDescriptorType     5<br>
    bEndpointAddress   0x81 EP 1 IN<br>
    bmAttributes      2<br>
     Transfer Type      Bulk<br>
     Synch Type        None<br>
     Usage Type        Data<br>
    wMaxPacketSize   0x0040 1x 64 bytes<br>
    bInterval        0<br>
   Endpoint Descriptor:<br>
    bLength         7<br>
    bDescriptorType     5<br>
    bEndpointAddress   0x01 EP 1 OUT<br>
    bmAttributes      2<br>
     Transfer Type      Bulk<br>
     Synch Type        None<br>
     Usage Type        Data<br>
    wMaxPacketSize   0x0040 1x 64 bytes<br>
    bInterval        0<br>
Device Status:     0x0000<br>
 (Bus Powered)<br>
$ cd tool<br>
$ ./upgrade_by_passwd.py -f ../regnual/regnual.bin ../src/build/gnuk.bin<br>
../regnual/regnual.bin: 4428<br>
../src/build/gnuk.bin: 110592<br>
CRC32: d746d12a<br>
<span><br>
Device:<br>
Configuration: 1<br>
Interface: 0<br>
20001400:20004a00<br>
Downloading flash upgrade program...<br>
start 20001400<br>
end  20002500<br>
Run flash upgrade program...<br>
Wait 1 seconds...<br>
</span>Device:<br>
08001000:08020000<br>
Downloading the program<br>
start 08001000<br>
end  0801b000<br>
$ lsusb -d 234b:0000 -v<br>
<br>
Bus 001 Device 006: ID 234b:0000<br>
Device Descriptor:<br>
 bLength        18<br>
 bDescriptorType     1<br>
 bcdUSB        1.10<br>
 bDeviceClass      0 (Defined at Interface level)<br>
 bDeviceSubClass     0<br>
 bDeviceProtocol     0<br>
 bMaxPacketSize0    64<br>
 idVendor      0x234b<br>
 idProduct     0x0000<br>
 bcdDevice      2.00<br>
 iManufacturer      1 Free Software Initiative of Japan<br>
 iProduct        2 Gnuk Token<br>
 iSerial         3 FSIJ-1.2.1-87061034<br>
 bNumConfigurations   1<br>
 Configuration Descriptor:<br>
  bLength         9<br>
  bDescriptorType     2<br>
  wTotalLength      93<br>
  bNumInterfaces     1<br>
  bConfigurationValue   1<br>
  iConfiguration     0<br>
  bmAttributes     0x80<br>
   (Bus Powered)<br>
  MaxPower       100mA<br>
  Interface Descriptor:<br>
   bLength         9<br>
   bDescriptorType     4<br>
   bInterfaceNumber    0<br>
   bAlternateSetting    0<br>
   bNumEndpoints      3<br>
   bInterfaceClass    11 Chip/SmartCard<br>
   bInterfaceSubClass   0<br>
   bInterfaceProtocol   0<br>
   iInterface       0<br>
   ChipCard Interface Descriptor:<br>
    bLength        54<br>
    bDescriptorType    33<br>
    bcdCCID       1.10 (Warning: Only accurate for version 1.0)<br>
    nMaxSlotIndex      0<br>
    bVoltageSupport     1 5.0V<br>
    dwProtocols       2 T=1<br>
    dwDefaultClock    4000<br>
    dwMaxiumumClock   4000<br>
    bNumClockSupported   0<br>
    dwDataRate      9600 bps<br>
    dwMaxDataRate    9600 bps<br>
    bNumDataRatesSupp.   0<br>
    dwMaxIFSD       254<br>
    dwSyncProtocols 00000000<br>
    dwMechanical   00000000<br>
    dwFeatures    0002047A<br>
     Auto configuration based on ATR<br>
     Auto voltage selection<br>
     Auto clock change<br>
     Auto baud rate change<br>
     Auto parameter negotation made by CCID<br>
     Auto IFSD exchange<br>
     Short APDU level exchange<br>
    dwMaxCCIDMsgLen    271<br>
    bClassGetResponse  echo<br>
    bClassEnvelope     FF<br>
    wlcdLayout      none<br>
    bPINSupport       0<br>
    bMaxCCIDBusySlots    1<br>
   Endpoint Descriptor:<br>
    bLength         7<br>
    bDescriptorType     5<br>
    bEndpointAddress   0x81 EP 1 IN<br>
    bmAttributes      2<br>
     Transfer Type      Bulk<br>
     Synch Type        None<br>
     Usage Type        Data<br>
    wMaxPacketSize   0x0040 1x 64 bytes<br>
    bInterval        0<br>
   Endpoint Descriptor:<br>
    bLength         7<br>
    bDescriptorType     5<br>
    bEndpointAddress   0x01 EP 1 OUT<br>
    bmAttributes      2<br>
     Transfer Type      Bulk<br>
     Synch Type        None<br>
     Usage Type        Data<br>
    wMaxPacketSize   0x0040 1x 64 bytes<br>
    bInterval        0<br>
   Endpoint Descriptor:<br>
    bLength         7<br>
    bDescriptorType     5<br>
    bEndpointAddress   0x82 EP 2 IN<br>
    bmAttributes      3<br>
     Transfer Type      Interrupt<br>
     Synch Type        None<br>
     Usage Type        Data<br>
    wMaxPacketSize   0x0004 1x 4 bytes<br>
    bInterval       255<br>
Device Status:     0x0000<br>
 (Bus Powered)<br>
$ cd ../test<br>
$ nosetests --with-freshen<br>
..............................<wbr>..............................<wbr>..............................<wbr>..............................<wbr>..............................<wbr>..............................<wbr>..............................<wbr>..............................<wbr>..............................<wbr>..............................<wbr>..............................<wbr>..............................<wbr>....................<br>
------------------------------<wbr>------------------------------<wbr>----------<br>
Ran 380 tests in 473.934s<br>
<br>
OK<br>
$<br>
==============================<wbr>===========<br>
<br>
I just found that the test may not work well in some environments (it has<br>
been working well for me, but newer Python-usb would cause a problem),<br>
so I fixed it in 23bbc9c755493ba5fe8317e401e0876fd7524d40.<br>
<span>--<br>
<br>
______________________________<wbr>_________________<br>
gnuk-users mailing list<br>
<a href="mailto:gnuk-users@lists.alioth.debian.org" target="_blank">gnuk-users@lists.alioth.debian<wbr>.org</a><br>
</span><a href="https://lists.alioth.debian.org/mailman/listinfo/gnuk-users" rel="noreferrer" target="_blank">https://lists.alioth.debian.or<wbr>g/mailman/listinfo/gnuk-users</a><br>
</blockquote></div><br></div></div></div>
</blockquote></div><br></div>
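Added example (not part of the thread or of the Gnuk tools): a small checker for the `gpg --card-status` output quoted above, confirming after a flash that the token reports the expected firmware, that the USB serial agrees with the serial inside the OpenPGP Application ID, and that all three key slots have the wanted attributes. It assumes the reader string has the `VID:PID:vendor-firmware-serial:slot` form seen in this thread; the function names are hypothetical.

```python
import re

OPENPGP_AID_PREFIX = "D27600012401"  # RID D276000124 + application 01 (OpenPGP card)
# Constructed samples: three fields copied from the card-status output in the thread.
AFTER = """\
Reader ...........: 234B:0000:FSIJ-1.2.1-87022326:0
Application ID ...: D276000124010200FFFE870223260000
Key attributes ...: rsa4096 rsa4096 rsa4096
"""
BEFORE = """\
Reader ...........: 234B:0000:FSIJ-1.0.1-87022326:0
Application ID ...: D276000124010200FFFE870223260000
Key attributes ...: rsa2048 rsa2048 rsa2048
"""

def parse_fields(text):
    """Turn 'Label ....: value' lines into a dict keyed by the bare label."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")  # values may contain ':' too
        if sep:
            fields[label.strip().rstrip(". ")] = value.strip()
    return fields

def decode_aid(aid):
    """Split an OpenPGP card AID into spec version, manufacturer and serial."""
    aid = aid.upper()
    if len(aid) != 32 or not aid.startswith(OPENPGP_AID_PREFIX):
        raise ValueError("not an OpenPGP card AID: %r" % aid)
    return {
        "version": "%d.%d" % (int(aid[12:14], 16), int(aid[14:16], 16)),
        "manufacturer": aid[16:20],  # FFFE is shown as "unmanaged S/N range"
        "serial": aid[20:28],
    }

# Assumption: reader string layout as printed in this thread.
READER_RE = re.compile(
    r"^(?P<vid>[0-9A-F]{4}):(?P<pid>[0-9A-F]{4}):"
    r"(?P<vendor>[^-:]+)-(?P<firmware>[0-9.]+)-(?P<serial>[0-9A-F]{8}):(?P<slot>\d+)$")

def check_token(text, want_firmware, want_algo):
    """Return a list of mismatches between card-status output and expectations."""
    f = parse_fields(text)
    reader = READER_RE.match(f.get("Reader", ""))
    if reader is None:
        return ["reader string not in VID:PID:vendor-firmware-serial:slot form"]
    aid = decode_aid(f.get("Application ID", ""))
    problems = []
    if reader["firmware"] != want_firmware:
        problems.append("firmware %s, expected %s" % (reader["firmware"], want_firmware))
    if reader["serial"] != aid["serial"]:
        problems.append("USB serial %s != AID serial %s" % (reader["serial"], aid["serial"]))
    slots = f.get("Key attributes", "").split()
    if slots != [want_algo] * 3:
        problems.append("key attributes %s, expected 3 x %s" % (slots, want_algo))
    return problems

if __name__ == "__main__":
    print(check_token(BEFORE, "1.2.1", "rsa4096"), check_token(AFTER, "1.2.1", "rsa4096"))
```

In practice the text would come from `gpg --card-status` captured after replugging the token; the check only reads what the token reports about itself, so it confirms the upgrade took effect rather than proving firmware integrity.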