[Gnuk-users] gnuk-users Digest, Vol 107, Issue 3

Srinivas V vsrinu26f at gmail.com
Thu Jan 11 03:17:10 UTC 2018


Do keytocard before setting passwords. Reason: there is nothing to encrypt.
Seems some passwords are not stored. More secure.

Regarding bricking: power off, then power on, then try SWD flash.

On Jan 10, 2018 1:09 AM, <gnuk-users-request at lists.alioth.debian.org> wrote:

>
> Today's Topics:
>
>    1. Re: Fwd: Conditions for changing admin PIN not clarified
>       (GNUK) (NIIBE Yutaka)
>    2. Re: Making use of FST-01 SPI flash in Gnuk token (NIIBE Yutaka)
>    3. Alioth Shutdown (NIIBE Yutaka)
>    4. Re: Alioth Shutdown (Daniel Kahn Gillmor)
>    5. Re: Making use of FST-01 SPI flash in Gnuk token (Duncan)
>    6. Bricked FST-01 running tip-of-tree gnuk (Mike Tsao)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 10 Jan 2018 06:09:36 +0900
> From: NIIBE Yutaka <gniibe at fsij.org>
> To: Alexander Paetzelt | Nitrokey <alex at nitrokey.com>
> Cc: Gnuk and NeuG <gnuk-users at lists.alioth.debian.org>
> Subject: Re: [Gnuk-users] Fwd: Conditions for changing admin PIN not
>         clarified (GNUK)
> Message-ID: <87a7xmwxgv.fsf at fsij.org>
> Content-Type: text/plain
>
> Alexander Paetzelt | Nitrokey <alex at nitrokey.com> wrote:
> > sorry for crossposting (see below), but as it has probably something to
> > do with Gnuk implementation I want to try here. Maybe someone has an
> > idea.
>
> It is a bug of Gnuk.  I'll fix.
> --
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 10 Jan 2018 06:21:04 +0900
> From: NIIBE Yutaka <gniibe at fsij.org>
> To: Duncan <dguthrie at posteo.net>
> Cc: gnuk-users at lists.alioth.debian.org
> Subject: Re: [Gnuk-users] Making use of FST-01 SPI flash in Gnuk token
> Message-ID: <877esqwwxr.fsf at fsij.org>
> Content-Type: text/plain
>
> Duncan <dguthrie at posteo.net> wrote:
> > As I understand it, the devices sold via Seeed Studio Bazaar had the
> > link to the documentation on this flash.
> >
> > This strikes me as a useful thing. I'd like to accomplish the following:
> >
> > 1. Build the latest Gnuk token firmware
> > 2. Install my public key and miscellaneous other data onto the SPI flash.
> > 3. Expand the size of the flash (I am thinking this might not be
> > possible, from glancing over certain datasheets).
> >
> > In the original firmware, how did the flash appear? I assume it had a
> > filesystem on it, probably vFAT? If so, can we make use of a different
> > filesystem, just out of interest?
>
> No, the flash is not used at all by the firmware (Gnuk).  We only have a
> little access code for that in gnuk/tool/stlinkv2.py.  That's all.
>
> From hardware point of view (we have space on PCB), I put the serial
> flash to FST-01, hoping it will be useful.  But, I was not able to find
> any useful way, in fact.
>
> In FST-01G (I manufactured last year), I dropped the serial flash (as
> the part is not available any more).
>
> Expanding the firmware, it would be somehow possible to give the access
> to the serial flash through USB Mass Storage Class to users, but it will
> be slow, given the condition of available memory size of STM32F103.
>
> If we do by USB Mass Storage Class, file system handling is done by host
> PC.
> --
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 10 Jan 2018 06:27:48 +0900
> From: NIIBE Yutaka <gniibe at fsij.org>
> To: Gnuk and NeuG <gnuk-users at lists.alioth.debian.org>
> Subject: [Gnuk-users] Alioth Shutdown
> Message-ID: <874lnuwwmj.fsf at fsij.org>
> Content-Type: text/plain
>
> Hello,
>
> Alioth will shut down this year [0].
>
> I am going to copy Git repos to salsa.debian.org under the group Debian,
> hoping we will have package in Debian too.
>
> Mailing list will be stopped.  I don't know if we can move this list to
> lists.debian.org [1].  When I will attend FOSDEM, I will seek some
> place, if it's not.
>
> I will put information of mailing list on www.fsij.org/gnuk/ .
>
> [0] https://wiki.debian.org/Alioth
> [1] https://lists.debian.org/debian-devel-announce/2017/09/msg00004.html
> --
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 09 Jan 2018 18:36:19 -0500
> From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
> To: NIIBE Yutaka <gniibe at fsij.org>, Gnuk and NeuG
>         <gnuk-users at lists.alioth.debian.org>
> Subject: Re: [Gnuk-users] Alioth Shutdown
> Message-ID: <87shbe4nbg.fsf at fifthhorseman.net>
> Content-Type: text/plain
>
> On Wed 2018-01-10 06:27:48 +0900, NIIBE Yutaka wrote:
> > Hello,
> >
> > Alioth will shut down this year [0].
> >
> > I am going to copy Git repos to salsa.debian.org under the group Debian,
> > hoping we will have package in Debian too.
> >
> > Mailing list will be stopped.  I don't know if we can move this list to
> > lists.debian.org [1].  When I will attend FOSDEM, I will seek some
> > place, if it's not.
>
> Werner Koch seemed willing to host related lists on the GnuPG mailing
> list infrastructure.  Maybe you could ask him whether he'd be willing to
> host a gnuk-users at gnupg.org list ?
>
> Regards,
>
>         --dkg
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 10 Jan 2018 02:21:07 +0100
> From: Duncan <dguthrie at posteo.net>
> To: Gnuk and NeuG <gnuk-users at lists.alioth.debian.org>
> Subject: Re: [Gnuk-users] Making use of FST-01 SPI flash in Gnuk token
> Message-ID: <1fe834f522e0151807ad003b62fb534d at posteo.net>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
>
> Hello Mr. Niibe,
>
> Thank you for your helpful and considered reply.
>
> However, I think I was not very clear in my intent. While it would be
> nice if the firmware were able to make use of the flash, I am wondering
> how one can allow the host computer to access the flash, like a mass
> storage device.
>
> For instance, I would like to be able to plug in my FST-01 device into
> my laptop computer, and then have a mass storage device appear, on which
> I could deposit files of my choosing. I don't really mind about the
> speed, considering the space is constrained in the first place.
>
> However, from your email it appears that this is not implemented
> properly yet, and it sounds like it wouldn't be a priority, for
> understandable reasons.
>
> I'm sorry if I wasn't very clear.
>
> Thank you,
> Duncan
>
> On 09.01.2018 22:21, NIIBE Yutaka wrote:
> > Duncan <dguthrie at posteo.net> wrote:
> >> As I understand it, the devices sold via Seeed Studio Bazaar had the
> >> link to the documentation on this flash.
> >>
> >> This strikes me as a useful thing. I'd like to accomplish the
> >> following:
> >>
> >> 1. Build the latest Gnuk token firmware
> >> 2. Install my public key and miscellaneous other data onto the SPI
> >> flash.
> >> 3. Expand the size of the flash (I am thinking this might not be
> >> possible, from glancing over certain datasheets).
> >>
> >> In the original firmware, how did the flash appear? I assume it had a
> >> filesystem on it, probably vFAT? If so, can we make use of a different
> >> filesystem, just out of interest?
> >
> > No, the flash is not used at all by the firmware (Gnuk).  We only have
> > a little access code for that in gnuk/tool/stlinkv2.py.  That's all.
> >
> > From hardware point of view (we have space on PCB), I put the serial
> > flash to FST-01, hoping it will be useful.  But, I was not able to find
> > any useful way, in fact.
> >
> > In FST-01G (I manufactured last year), I dropped the serial flash (as
> > the part is not available any more).
> >
> > Expanding the firmware, it would be somehow possible to give the access
> > to the serial flash through USB Mass Storage Class to users, but it
> > will be slow, given the condition of available memory size of STM32F103.
> >
> > If we do by USB Mass Storage Class, file system handling is done by
> > host PC.
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 10 Jan 2018 07:09:19 +0000
> From: Mike Tsao <mike at sowbug.com>
> To: gnuk-users at lists.alioth.debian.org
> Subject: [Gnuk-users] Bricked FST-01 running tip-of-tree gnuk
> Message-ID:
>         <CACi+kjqVcSEjoEyEBU3vdZm3bo9Rw60ANBx0RXWTD8ZTEV8Okg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> My FST-01 is in a state where it can't be unblocked using gpg, nor can it
> be reflashed using an SWD connection. Here is my story.
>
> I ordered two FST-01 devices from SeeedStudio. They arrived today. I
> inserted one into my Linux machine and updated the firmware to the latest
> version using this guide:
> https://raymii.org/s/tutorials/FST-01_firmware_upgrade_via_usb.html. The
> most recent commit was this:
>
> commit 4ff0b3c5f896750a14b6a5d1853ac9246ecc506e
> Author: NIIBE Yutaka <gniibe at fsij.org>
> Date:   Tue Jan 9 09:39:42 2018 +0900
>
>     tests: Fix for card readers.
>
> gpg2 --card-status seemed to work fine, and usb_strings.py reported version
> 1.2.7:
>
> $ ./tool/usb_strings.py
>     Vendor: Free Software Initiative of Japan
>    Product: Gnuk Token
>     Serial: FSIJ-1.2.7-87061942
>   Revision: release/1.2.7-3-g4ff0b3c
>     Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=no:factory_reset=no
>        Sys: 1.0
>
> I then began configuring the device as a normal OpenPGP smart card. I set
> the admin PIN, reset code, and user PIN. I then attempted a "keytocard"
> operation with my existing RSA-4096 encryption key, but when I was prompted
> for the admin PIN, it failed. I entered it again, being careful that it was
> the same one that I had set minutes earlier. It didn't work. I eventually
> locked myself out of the device:
>
> $ gpg2 --card-status
> Reader ...........: 234B:0000:FSIJ-1.2.7-87061942:0
> Application ID ...: D276000124010200FFFE870619420000
> Version ..........: 2.0
> Manufacturer .....: unmanaged S/N range
> Serial number ....: 87061942
> Name of cardholder: Mike Tsao
> Language prefs ...: [not set]
> Sex ..............: unspecified
> URL of public key : https://keybase.io/sowbug/key.asc
> Login data .......: [not set]
> Signature PIN ....: forced
> Key attributes ...: rsa2048 rsa4096 rsa2048
> Max. PIN lengths .: 127 127 127
> PIN retry counter : 0 3 0
> Signature counter : 0
> Signature key ....: [none]
> Encryption key....: [none]
> Authentication key: [none]
> General key info..: [none]
>
> I concluded that I would have to reflash the device using stlinkv2.py -u,
> but it gave an unexpected error:
>
> $ sudo ./tool/stlinkv2.py -u
> ST-Link/V2 version info: 2 29 7
> Change ST-Link/V2 mode 0002 -> 0002
> Core does not halt, try API V2 halt.
> ValueError('Status of core is not halt.', 128)
>
> I attempted to connect to the device using a Windows machine and the
> official STM STLink utility. It didn't work. I then connected to the second
> FST-01, which was still new. The Windows STLink utility recognized it.
> usb_strings.py also recognizes it:
>
> $ ./tool/usb_strings.py
>     Vendor: Free Software Initiative of Japan
>    Product: FSIJ USB Token
>     Serial: FSIJ-1.0.1-50FF6E06
>   Revision: release/1.0.1
>     Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=yes:keygen=yes
>        Sys: 1.0
>
> At this point I know the following:
>
> - My ST-Link v2 programmer works.
> - My jumper connections are correct.
> - The second FST-01 is able to talk to the ST-Link programmer and utility.
> - The first FST-01 is not able to connect to the ST-Link or be reflashed.
> - I believe I fell victim to the issue where PINs cannot be set until the
> FST-01 has at least one key loaded on it (I read about this after making
> the mistake).
> - I do not understand why the first FST-01 no longer responds to the
> ST-Link SWD connection.
> - I built the gnuk software with its defaults, so it doesn't have the
> factory reset option.
> - My FST-01 is now useless, because it is running gnuk with PIN retry
> counter : 0 3 0
>
> What can I do to unbrick this device?
>
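
Added example, not part of the original messages and not Gnuk project code: a pre-flight check over `gpg2 --card-status` text that reads the PIN retry counters and key slots discussed in this thread before any PIN is changed. It assumes the three counters are ordered user PIN, reset code, admin PIN; the function names and the second sample are constructed for illustration.

```python
COUNTERS = ("user_pin", "reset_code", "admin_pin")  # assumed OpenPGP card order
KEY_SLOTS = ("Signature key", "Encryption key", "Authentication key")

# Excerpt of the locked-out token's output quoted in the thread.
STATUS_FROM_THREAD = """\
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
"""

# Constructed sample: counters untouched, one key slot filled (placeholder value).
STATUS_CONSTRUCTED = """\
PIN retry counter : 3 0 3
Signature key ....: PLACEHOLDER FINGERPRINT
Encryption key....: [none]
Authentication key: [none]
"""


def parse_card_status(text):
    """Return (retry counters, key-slot occupancy) from --card-status text."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            # Labels are padded with spaces and dots before the colon.
            fields[label.strip(" .")] = value.strip()
    counts = fields.get("PIN retry counter", "").split()
    if len(counts) != 3 or not all(c.isdigit() for c in counts):
        raise ValueError("PIN retry counter line missing or malformed")
    counters = dict(zip(COUNTERS, map(int, counts)))
    loaded = {slot: fields.get(slot, "[none]") != "[none]" for slot in KEY_SLOTS}
    return counters, loaded


def assess(text):
    """List findings to review before changing any PIN on the token."""
    counters, loaded = parse_card_status(text)
    findings = []
    if not any(loaded.values()):
        findings.append("no keys loaded: do keytocard before setting PINs")
    # A reset-code counter of 0 can just mean no reset code is set, so only
    # the user and admin PIN counters are treated as lockouts here.
    for name in ("user_pin", "admin_pin"):
        if counters[name] == 0:
            findings.append(f"{name} blocked: 0 tries left")
    return findings
```

Feeding it the live output of `gpg2 --card-status` before running `passwd` in `gpg2 --card-edit` gives an empty list only when at least one key slot is filled and neither PIN is blocked.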

