[Gnuk-users] Gnuk 1.2.3: keys for firmware upgrades

Sat Apr 29 12:49:38 UTC 2017

Hello,

With FST-01, I try to extract a key for firmware updates as
documented in doc/note/firmware-update, but the script gets
257 bytes of key data rather than 256 (for any of 3 keys).

Is there something wrong about my keys?

This is what it looks like:

$ gpg --home gnupg/ --version
gpg (GnuPG) 2.1.20
libgcrypt 1.7.6
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/dti/.tmp-gnupg/gnupg/
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
$ gpg --home gnupg/ --card-status

Reader ...........: 234B:0000:FSIJ-1.2.3-87253754:0
Application ID ...: D276000124010200FFFE872537540000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87253754
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: CF29 B8A6 FC34 8C7B DAA6  1E0D 04FD EFEE 6DAA 28B0
      created ....: 2017-04-17 15:50:12
Encryption key....: F25C 6ABB CEA6 BFE0 C66A  D17A B420 3EF3 44C1 B8D1
      created ....: 2017-04-17 15:50:12
Authentication key: F4E9 047F 6DAA 9CB8 922A  5DE8 8F75 A005 8396 3DBF
      created ....: 2017-04-17 15:53:24
General key info..: pub  rsa2048/04FDEFEE6DAA28B0 2017-04-17 Вася Пушкин <vp at test.org>
sec>  rsa2048/04FDEFEE6DAA28B0  created: 2017-04-17  expires: 2019-04-17
                                card-no: FFFE 87253754
ssb>  rsa2048/B4203EF344C1B8D1  created: 2017-04-17  expires: 2019-04-17
                                card-no: FFFE 87253754
ssb>  rsa2048/8F75A00583963DBF  created: 2017-04-17  expires: 2019-04-17
                                card-no: FFFE 87253754
$ gpg-connect-agent --home gnupg/ "KEYINFO --list" /bye
S KEYINFO A2070D0277211BD4188087E31BD8B20740139A7B T D276000124010200FFFE872537540000 OPENPGP.1 - - - - -
S KEYINFO D35A3BE3C287D6DB05C5C615BB6E9C52C51B353C T D276000124010200FFFE872537540000 OPENPGP.2 - - - - -
S KEYINFO 6864BCD8D33D63FC1DA94EE67EDE26EBB1ED248F T D276000124010200FFFE872537540000 OPENPGP.3 - - - - -
OK
$ ./get-raw-key.py 6864BCD8D33D63FC1DA94EE67EDE26EBB1ED248F
len(key) = 257
Traceback (most recent call last):
  File "./get-raw-key.py", line 28, in <module>
    k = get_gpg_public_key(keygrip)
  File "./get-raw-key.py", line 23, in get_gpg_public_key
    raise ValueError, binascii.hexlify(key)
ValueError: b7cd6782738f282059a248015c4c136aa126ba0f91db90fa5c5192cd1263d1e3ac5b3747550e228e802969d1e371f8c91f3463ec973abca8030a045014da01e9b52c6e4a939230af6ae44c0ad0e4eaa3dde48a2a0caf72036d6767a783bc8ea709edd37ffb1c8203655f17cf0f635ea4fc717d15b82cbd5cc69ac6dec1fe2e4fe29333e3591dd6d7fff8787da52162a9ccfd23a94c92ac3ca48663460b9bb05cecd22df66e8571eb4408e8903688f73e89bb4236b740a765586bde1e062c5f5d4d7b02da18be0764b74c11ded95373356bd4e938ce8c4e46e505c26bb66d6be32a5f0135a8d3ccf71edbbf1fdad4bd86c93e1d805601d98a81daf2ec3eee091f29
-------------- next part --------------
A non-text attachment was scrubbed...
Name: get-raw-key.py
Type: text/x-python
Size: 904 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20170429/6bc764dc/attachment.py>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20170429/6bc764dc/attachment.sig>