[Gnuk-users] Gnuk (on "Blue Pill") issues
Jeremy Drake
jeremydrake+gnuk at eacceleration.com
Wed Aug 2 22:53:08 UTC 2017

Lately I've been looking at using Gnuk running on the "blue pill" boards
as a hardware token for OpenVPN. I've been very impressed with it.

During the course of my testing, I've found a few minor issues. I don't
know if they are specific to the "blue pill" board or not, but here's a
quick list:

1) I have not been able to find any tool, other than the
gnuk_put_binary_libusb.py script in the repository, that is able to load a
cardholder certificate. The main contenders were pkcs15-init
--store-certificate, and gpg --card-edit's 'writecert 3 < file.der'

2) The gnuk_put_binary_libusb.py script seems to work to load the
certificate, but claims that verify failed. Despite this,
both gpg --card-edit's "readcert 3 > file.der" and pkcs15-tool
--read-certificate are able to get the certificate, and the certificate
retrieved either way compares identical to the certificate loaded.

3) The firmware update mechanism, invoked via the 'upgrade_by_passwd.py'
script, didn't work for me. Toward the end of the process, it printed out
a bunch of "failed" lines, then protected the flash and reset the device.
The device sometimes worked, sometimes didn't after that, and even if it
did seem to work it was not stable. It had to be re-flashed over the SWD
port to get back to normal. I was able to track down a cause for this,
and have a proposed patch that I'll send as a separate email that solves
this for me.