[Gnuk-users] State of EdDSA in Gnuk / GnuPG

NIIBE Yutaka gniibe at fsij.org
Wed Jan 21 01:12:49 UTC 2015


On 01/21/2015 08:05 AM, Bertrand Jacquin wrote:
> Thank you very much for that. Those two patches apply fine.

Good.

>   $ python2.7 ./usb_strings.py
>   Device:
>       Vendor: Free Software Initiative of Japan
>      Product: Gnuk Token
>       Serial: FSIJ-1.1.4-50FF6A06
>     Revision: release/1.1.4
>       Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=yes:keygen=yes
>          Sys: 2.0

Great.  I guess you have a programmer to flash your FST-01.

> I can see that it fails in function gnuk_token.__init__ on line 75:
> 
>         self.__devhandle.claimInterface(interface)
> 
> This happens when gpg-agent is running. After that can changing the
> admin PIN for g.cmd_verify, it's better.

Only a single process can claim the interface of Gnuk Token.  If
scdaemon is running, you need to stop it before running any scripts.
I should have addressed that in the previous mail.

>   $ gpg --card-status | grep -F attributes
> 
>   Key attributes ...: 2048R 4096R 255?

It seems that it works.  It seems that you have registered an RSA-4096
subkey for decryption.

I haven't decided on a character for EdDSA (and Curve25519), or shall we
change the format here (a single character is not so expressive)?
Thus, it's '?' here.

> Then afterwards, when trying to transfer a key to the smartcard:
> 
>   $ gpg --edit-key ..
>   ..
>   sub* ed25519/0x7E28893D85B7D8D1
>        created: 2015-01-20  expires: 2017-01-19  usage: A
>   [ultimate] (1). esdf fwesdf <fwesdf at gesdg>
> 
>   gpg> keytocard
>   Please select where to store the key:
>      (3) Authentication key
>   Your selection? 3
> 
>   gpg: WARNING: such a key has already been stored on the card!
> 
>   Replace existing key? (y/N) y
>   gpg: KEYTOCARD failed: End of file
> 
> Is this something you already experienced?

No.  The warning means that you have registered a subkey already,
haven't you?

'KEYTOCARD failed: End of file' is unexpected.

Let me try to reproduce your failure.  I will be back.

P.S.  Please check your e-mail configuration (MUA).  In your reply
message, you specified the address:

   <gnuk-users-bounces+bertrand=jacquin.bzh at lists.alioth.debian.org>

but this is an artificial (virtual) address for the mailing list manager to
detect transmission errors, and it's not for use by human beings.