[Gnuk-users] factory-reset
Jan Suhr
jan at nitrokey.com
Wed Oct 12 07:43:44 UTC 2016
Hello Niibe,
On 12.10.2016 03:49, NIIBE Yutaka wrote:
> Hello, Jan,
>
> Thank you for your comment.
>
> On 10/11/2016 04:58 PM, Jan Suhr wrote:
>> If in the future we ship the more attractive Gnuk 1.2 I'm afraid that
>> even more users will block their device. From my perspective it would be
>> much better if Gnuk behaves like original OpenPGP Card which can be
>> factory-reset without any PIN. Of course you have your good reasons to
>> build Gnuk as it is. Perhaps it would be a solution to provide a
>> compilation option to enable/disable device reset?
>
> I understand your point:
>
> In the use case of distributing Gnuk for other users (who have no
> experience), it is the most common failure mode.
>
> OK, I'll add the factory reset feature of OpenPGP card to Gnuk with
> compile-time option. Enabling the option is up to those who compile
That would be wonderful! Thank you very much.
> Gnuk to flash into a device. A (power) user can upgrade the firmware
> by herself (with the feature disabled).
>
> Personally, I also have a reason to introduce this compile-time
> feature: I don't know how we can remove keys from original OpenPGP
> card, other than by the factory reset. Factory reset would be a
> common way of removing keys (if card/token supports this).
I never understood why it is like this. Why can't Gnuk behave in this
regard (when deleting keys) as Achim's "original" OpenPGP Card?
>> Alternatively: I don't know the end-to-end use case for the reset code.
>> Is it desired for enterprise scenarios where the company provides Gnuk
>> devices to their employees? What I have in mind is: Would it be an option
>> to change reset code so that it could trigger a factory-reset?
>
> I don't recommend the reset code for that purpose. It will be
> considered an easy backdoor to hijack the control of the card.
>
>
> In theory, it is possible for a factory to register a public key of
> RSA-2048 into Gnuk Token, so that a locked card can be upgraded to new
> firmware (removing all secrets). I thought that this could be an
> alternative to the factory reset, but it would be difficult to manage
> such a key, in practice, under the condition that the code is under GNU
> GPLv3.
I agree. Also we don't want to have the control of user's devices in
general.
>
> Please note that we also need to modify GnuPG to support factory-reset
> command for Gnuk Token, it is not supported now. Well, I will, too.
GnuPG 2.1 supports factory-reset of Achim's OpenPGP Card. Wouldn't you
use the same mechanism for Gnuk?
Best regards,
Jan