[Gnuk-users] Firmware update by USB

NIIBE Yutaka gniibe at fsij.org
Mon Jan 19 02:22:39 UTC 2015


Hello,

On 01/18/2015 02:12 AM, Micah Anderson wrote:
> I'm trying to install a new version of gnuk to my token. I have a couple
> problems that I wish to solve.

Thank you for sharing your problems.  Let me answer one by one.

> I am able to list the keygrips installed in gpg-agent with the "KEYINFO"
> command, but I am unable to determine which keygrip is associated with
> which subkey on the card.

For smartcard/token, the output of "KEYINFO --list" command is like in
this format:

    S KEYINFO <KEYGRIP> T <CARD_ID> OPENPGP.[1|2|3] - - - - -

> There are IDSTR's indicated in KEYINFO, such as "OPENPGP.1" and
> "OPENPGP.2", but it is not clear which is associated with which key.

OPENPGP.1 is a key for signing, OPENPGP.2 is a key for decryption, and
OPENPGP.3 is a key for authentication.

> The output from gpg --card-status shows me the
> individual key and subkey fingerprints, but the output from KEYINFO just
> shows me the keygrip. I have been unsuccessful at converting between the
> two in order to associate a keygrip with a specific subkey.

GnuPG 2.0 and 2.1 support --with-keygrip to show keygrip information.

> To try and just upgrade, I created a new key in a new environment so it
> was clear. I then got to the stage where the document says to do:
> get_public_key.py - just a minor bug here, this script is now called
> get_raw_public_key.py!

Thanks.  Fixed.

> I was able to get the raw key, but then when I attempted to do:
> ./gnuk_put_binary_libusb.py -k 0 40FD54EB.bin I was given:
> 
> Traceback (most recent call last):
>   File "tool/gnuk_put_binary_libusb.py", line 112, in <module>
>     main(fileid, is_update, data, passwd)
>   File "tool/gnuk_put_binary_libusb.py", line 48, in main
>     if gnuk.icc_get_status() == 2:
> AttributeError: 'NoneType' object has no attribute 'icc_get_status'
> 
> I searched around and I found another document (also written by
> NIIBE)[1], which seems to be a much more complete document - I would
> strongly suggest replacing the first[0] document with this one[1]!

I will.  But I think that I should add more document for upgrading.
I mean, I should write down the information in this message into
the official documentation.

> I followed those steps, and now when I do the gnuk_put_binary_libusb.py
> command, I receive this:
[...]
> ValueError: 6982

6982 is an authentication error of passphrase.  The script assumes
default Admin passphrase of 12345678.  It has an option '-p' when
you changed your passphrase.

The process is complecated: including registering a key for
authentication to Gnuk Token.

I wrote a script automating a part of the process, that's:
tool/upgrade_by_passwd.py

I'm going to explain how to use tool/upgrade_by_passwd.py in the next
message.
-- 



More information about the gnuk-users mailing list