[Gnuk-users] Gnuk (on "Blue Pill") issues

NIIBE Yutaka gniibe at fsij.org
Thu Aug 3 07:06:41 UTC 2017


Jeremy Drake <jeremydrake+gnuk at eacceleration.com> wrote:
> 1) I have not been able to find any tool, other than the 
> gnuk_put_binary_libusb.py script in the repository, that is able to load a 
> cardholder certificate.  The main contenders were pkcs15-init 
> --store-certificate, and gpg --card-edit's 'writecert 3 < file.der'

Sorry, for cardholder certificate, gpg --card-edit doesn't work with Gnuk
Token.

Because of its size, cardholder certificate is most difficult part for
(possibly any) implemention of OpenPGPcard.  IMHO, and cardholder
certificate is questionable feature of OpenPGPcard.

> 2) The gnuk_put_binary_libusb.py script seems to work to load the 
> certificate, but claims that verify failed.  Despite this, 
> both gpg --card-edit's "readcert 3 > file.der" and pkcs15-tool 
> --read-certificate are able to get the certificate, and the certificate 
> retrieved either way compares identical to the certificate loaded.

Reading is relatively easier (to implement).  For the failure, I'll
check the script.

> 3) The firmware update mechanism, invoked via the 'upgrade_by_passwd.py' 
> script, didn't work for me.  Toward the end of the process, it printed out 
> a bunch of "failed" lines, then protected the flash and reset the device. 
> The device sometimes worked, sometimes didn't after that, and even if it 
> did seem to work it was not stable.  It had to be re-flashed over the SWD 
> port to get back to normal.  I was able to track down a cause for this, 
> and have a proposed patch that I'll send as a separate email that solves 
> this for me.

Thank you.  I didn't know that 64KB-chip has actually 128KB.  I'll merge.
-- 



More information about the gnuk-users mailing list