[Gnuk-users] Gnuk (on "Blue Pill") issues

NIIBE Yutaka gniibe at fsij.org
Thu Aug 3 07:06:41 UTC 2017

Jeremy Drake <jeremydrake+gnuk at eacceleration.com> wrote:
> 1) I have not been able to find any tool, other than the 
> gnuk_put_binary_libusb.py script in the repository, that is able to load a 
> cardholder certificate.  The main contenders were pkcs15-init 
> --store-certificate, and gpg --card-edit's 'writecert 3 < file.der'

Sorry, for cardholder certificate, gpg --card-edit doesn't work with Gnuk

Because of its size, cardholder certificate is most difficult part for
(possibly any) implemention of OpenPGPcard.  IMHO, and cardholder
certificate is questionable feature of OpenPGPcard.

> 2) The gnuk_put_binary_libusb.py script seems to work to load the 
> certificate, but claims that verify failed.  Despite this, 
> both gpg --card-edit's "readcert 3 > file.der" and pkcs15-tool 
> --read-certificate are able to get the certificate, and the certificate 
> retrieved either way compares identical to the certificate loaded.

Reading is relatively easier (to implement).  For the failure, I'll
check the script.

> 3) The firmware update mechanism, invoked via the 'upgrade_by_passwd.py' 
> script, didn't work for me.  Toward the end of the process, it printed out 
> a bunch of "failed" lines, then protected the flash and reset the device. 
> The device sometimes worked, sometimes didn't after that, and even if it 
> did seem to work it was not stable.  It had to be re-flashed over the SWD 
> port to get back to normal.  I was able to track down a cause for this, 
> and have a proposed patch that I'll send as a separate email that solves 
> this for me.

Thank you.  I didn't know that 64KB-chip has actually 128KB.  I'll merge.

More information about the gnuk-users mailing list