[Gnuk-users] State of EdDSA in Gnuk / GnuPG
NIIBE Yutaka
gniibe at fsij.org
Wed Jan 21 01:12:49 UTC 2015
On 01/21/2015 08:05 AM, Bertrand Jacquin wrote:
> Thank you very much for that. Those two patches apply fine.
Good.
> $ python2.7 ./usb_strings.py
> Device:
> Vendor: Free Software Initiative of Japan
> Product: Gnuk Token
> Serial: FSIJ-1.1.4-50FF6A06
> Revision: release/1.1.4
> Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=yes:keygen=yes
> Sys: 2.0
Great. I guess you have a programmer to flash your FST-01.
> I can see that it fails in function gnuk_token.__init__ on line 75:
>
> self.__devhandle.claimInterface(interface)
>
> This happens when gpg-agent is running. After that can changing the
> admin PIN for g.cmd_verify, it's better.
Only a single process can claim the interface of Gnuk Token. If
scdaemon is running, you need to stop it before running any scripts.
I should have addressed that in the previous mail.
> $ gpg --card-status | grep -F attributes
>
> Key attributes ...: 2048R 4096R 255?
It seems that it works. It seems that you have registered an RSA-4096
subkey for decryption.
I haven't decided on a character for EdDSA (and Curve25519), or shall we
change the format here (a single character is not so expressive)?
Thus, it's '?' here.
> Then afterwards, when trying to transfer a key to the smartcard:
>
> $ gpg --edit-key ..
> ..
> sub* ed25519/0x7E28893D85B7D8D1
> created: 2015-01-20 expires: 2017-01-19 usage: A
> [ultimate] (1). esdf fwesdf <fwesdf at gesdg>
>
> gpg> keytocard
> Please select where to store the key:
> (3) Authentication key
> Your selection? 3
>
> gpg: WARNING: such a key has already been stored on the card!
>
> Replace existing key? (y/N) y
> gpg: KEYTOCARD failed: End of file
>
> Is this something you already experienced?
No. The warning means that you have registered a subkey already,
haven't you?
'KEYTOCARD failed: End of file' is unexpected.
Let me try to reproduce your failure. I will be back.
P.S. Please check your e-mail configuration (MUA). In your reply
message, you specified the address:
<gnuk-users-bounces+bertrand=jacquin.bzh at lists.alioth.debian.org>
but this is an artificial (virtual) address for the mailing list manager to
detect transmission errors, and it's not for use by human beings.