[Gnuk-users] Firmware update by USB
NIIBE Yutaka
gniibe at fsij.org
Mon Jan 19 02:22:39 UTC 2015
Hello,
On 01/18/2015 02:12 AM, Micah Anderson wrote:
> I'm trying to install a new version of gnuk to my token. I have a couple
> problems that I wish to solve.
Thank you for sharing your problems. Let me answer one by one.
> I am able to list the keygrips installed in gpg-agent with the "KEYINFO"
> command, but I am unable to determine which keygrip is associated with
> which subkey on the card.
For smartcard/token, the output of "KEYINFO --list" command is like in
this format:
S KEYINFO <KEYGRIP> T <CARD_ID> OPENPGP.[1|2|3] - - - - -
> There are IDSTR's indicated in KEYINFO, such as "OPENPGP.1" and
> "OPENPGP.2", but it is not clear which is associated with which key.
OPENPGP.1 is a key for signing, OPENPGP.2 is a key for decryption, and
OPENPGP.3 is a key for authentication.
> The output from gpg --card-status shows me the
> individual key and subkey fingerprints, but the output from KEYINFO just
> shows me the keygrip. I have been unsuccessful at converting between the
> two in order to associate a keygrip with a specific subkey.
GnuPG 2.0 and 2.1 support --with-keygrip to show keygrip information.
> To try and just upgrade, I created a new key in a new environment so it
> was clear. I then got to the stage where the document says to do:
> get_public_key.py - just a minor bug here, this script is now called
> get_raw_public_key.py!
Thanks. Fixed.
> I was able to get the raw key, but then when I attempted to do:
> ./gnuk_put_binary_libusb.py -k 0 40FD54EB.bin I was given:
>
> Traceback (most recent call last):
> File "tool/gnuk_put_binary_libusb.py", line 112, in <module>
> main(fileid, is_update, data, passwd)
> File "tool/gnuk_put_binary_libusb.py", line 48, in main
> if gnuk.icc_get_status() == 2:
> AttributeError: 'NoneType' object has no attribute 'icc_get_status'
>
> I searched around and I found another document (also written by
> NIIBE)[1], which seems to be a much more complete document - I would
> strongly suggest replacing the first[0] document with this one[1]!
I will. But I think that I should add more document for upgrading.
I mean, I should write down the information in this message into
the official documentation.
> I followed those steps, and now when I do the gnuk_put_binary_libusb.py
> command, I receive this:
[...]
> ValueError: 6982
6982 is an authentication error of passphrase. The script assumes
default Admin passphrase of 12345678. It has an option '-p' when
you changed your passphrase.
The process is complecated: including registering a key for
authentication to Gnuk Token.
I wrote a script automating a part of the process, that's:
tool/upgrade_by_passwd.py
I'm going to explain how to use tool/upgrade_by_passwd.py in the next
message.
--
More information about the gnuk-users
mailing list