[Gnuk-users] Firmware update by USB

Micah Anderson micah at debian.org
Sat Jan 17 17:12:11 UTC 2015 

Hello,

I'm trying to install a new version of gnuk to my token. I have a couple
problems that I wish to solve.

I was following the document[0] found in the source code under
doc/note/firmware-update

I am able to list the keygrips installed in gpg-agent with the "KEYINFO"
command, but I am unable to determine which keygrip is associated with
which subkey on the card. The output from gpg --card-status shows me the
individual key and subkey fingerprints, but the output from KEYINFO just
shows me the keygrip. I have been unsuccessful at converting between the
two in order to associate a keygrip with a specific subkey.

There are IDSTR's indicated in KEYINFO, such as "OPENPGP.1" and
"OPENPGP.2", but it is not clear which is associated with which key.

To try and just upgrade, I created a new key in a new environment so it
was clear. I then got to the stage where the document says to do:
get_public_key.py - just a minor bug here, this script is now called
get_raw_public_key.py!

I was able to get the raw key, but then when I attempted to do:
./gnuk_put_binary_libusb.py -k 0 40FD54EB.bin I was given:

Traceback (most recent call last):
  File "tool/gnuk_put_binary_libusb.py", line 112, in <module>
    main(fileid, is_update, data, passwd)
  File "tool/gnuk_put_binary_libusb.py", line 48, in main
    if gnuk.icc_get_status() == 2:
AttributeError: 'NoneType' object has no attribute 'icc_get_status'

I searched around and I found another document (also written by
NIIBE)[1], which seems to be a much more complete document - I would
strongly suggest replacing the first[0] document with this one[1]!

I followed those steps, and now when I do the gnuk_put_binary_libusb.py
command, I receive this:

Device:  007
Configuration:  1
Interface:  0
Traceback (most recent call last):
  File "tool/gnuk_put_binary_libusb.py", line 112, in <module>
    main(fileid, is_update, data, passwd)
  File "tool/gnuk_put_binary_libusb.py", line 52, in main
    gnuk.cmd_verify(BY_ADMIN, passwd)
  File "/home/micah/working/gnuk/tool/gnuk_token.py", line 249, in cmd_verify
    raise ValueError("%02x%02x" % (sw[0], sw[1]))
ValueError: 6982

before, my card-status showed:

Max. PIN lengths .: 0 0 0
PIN retry counter : 0 0 0
Signature counter : 0

but now:

Max. PIN lengths .: 127 127 127
PIN retry counter : 2 3 3
Signature counter : 0

I unblocked the card, and tried again, but still the same 6982
ValueError.

Thank you for any help you can provide!
micah


0. https://gitorious.org/gnuk/gnuk/source/e7e8b9f5ca414a5c901f61b0f043c8da42414103:doc/note/firmware-update
1. http://no-passwd.net/askbot/question/34/how-gnuk-supports-firmware-upgrade/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20150117/e04af86d/attachment.sig>

More information about the gnuk-users mailing list