[Gnuk-users] [PATCH RFC] Requiring a physical presence for authentication

NIIBE Yutaka gniibe at fsij.org
Thu Aug 10 19:39:04 UTC 2017


For Debconf 17 participants, I got the slot of 10AM Friday for Gnuk BoF.

Jonathan McDowell <noodles at earth.li> wrote:
> I've recently been playing with the Maple Mini as a GnuK device. It has
> a hardware button and an LED on it, and it occurred to me that I could
> add a requirement that the button must be pressed in order to perform
> any operation that requires PIN authentication. This is in *addition* to
> the PIN requirement, rather than instead of.
> The attached patches implement this; I've hacked up ac.c to turn on the
> LED and wait for up to 10 seconds for a button press, and return failure
> if one is not seen.

I agree that it is useful to support such UI.

For FS-BB48, I put a touch button; My plan was adding support for this
kind of UI to Gnuk.  I only produced prototype of FS-BB48 (it's not in
mass production).  I realized that it is not that cheap (it requires a
plastic part under the board).  Gnuk enhancement for the UI have not yet
been done.

> It's hacky; I think ideally chopstx should be providing a pbutton()
> function or at least a way to query GPIOs rather than me open coding the
> function in ac.c, but it achieves what I want and thus seems to be a
> good start for potential discussion. Is this of interest to any one
> else?

Yes, it's good start with concrete code.

Last month, I got a report and patch directly to me.  Its demo video is
published as:


For me, button's interfering the computation of device without informing
host sounds not good.  In my opinion, it is better to improve the
protocol between host and the token.  I mean, it is better for host
to know what's going on between user and the device.

> Finally although the Maple Mini is cheap and easy to play with it
> suffers from not being the best form factor. I'd much prefer something
> that I could attach to a (physical) keyring and not worry about. The
> FST-01 has a couple of GPIOs brought out IIRC, which would allow for a
> button + LED to be added, but it doesn't seem they're being produced any
> more?

Yes, it is possible attach button + LED to FST-01.  There are still some
stocks at Seeed, but it is not available from Seeed Studio now,
unfortunately, due to their system change.

I will bring some of FST-01G, the version with no external flash, to the
venue of Debconf 17 on Friday.

More information about the gnuk-users mailing list