[Gnuk-users] [PATCH RFC] Requiring a physical presence for authentication
NIIBE Yutaka
gniibe at fsij.org
Thu Aug 10 19:39:04 UTC 2017
Hello,
For Debconf 17 participants: I got the 10AM Friday slot for the Gnuk BoF.
Jonathan McDowell <noodles at earth.li> wrote:
> I've recently been playing with the Maple Mini as a GnuK device. It has
> a hardware button and an LED on it, and it occurred to me that I could
> add a requirement that the button must be pressed in order to perform
> any operation that requires PIN authentication. This is in *addition* to
> the PIN requirement, rather than instead of.
>
> The attached patches implement this; I've hacked up ac.c to turn on the
> LED and wait for up to 10 seconds for a button press, and return failure
> if one is not seen.
I agree that it is useful to support such UI.
For FS-BB48, I put a touch button; my plan was to add support for this
kind of UI to Gnuk. I only produced a prototype of FS-BB48 (it's not in
mass production). I realized that it is not that cheap (it requires a
plastic part under the board). The Gnuk enhancement for the UI has not yet
been done.
> It's hacky; I think ideally chopstx should be providing a pbutton()
> function or at least a way to query GPIOs rather than me open coding the
> function in ac.c, but it achieves what I want and thus seems to be a
> good start for potential discussion. Is this of interest to anyone
> else?
Yes, it's a good start with concrete code.
Last month, I got a report and patch directly to me. Its demo video is
published as:
https://www.youtube.com/watch?v=rOIYNP_3VGQ
For me, a button interfering with the device's computation without
informing the host does not sound good. In my opinion, it is better to
improve the protocol between the host and the token. I mean, it is better
for the host to know what's going on between the user and the device.
> Finally although the Maple Mini is cheap and easy to play with it
> suffers from not being the best form factor. I'd much prefer something
> that I could attach to a (physical) keyring and not worry about. The
> FST-01 has a couple of GPIOs brought out IIRC, which would allow for a
> button + LED to be added, but it doesn't seem they're being produced any
> more?
Yes, it is possible to attach a button + LED to FST-01. There is still some
stock at Seeed, but it is not available from Seeed Studio now,
unfortunately, due to their system change.
I will bring some FST-01G, the version with no external flash, to the
venue of Debconf 17 on Friday.
--
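
The following C sketch is an added example, not part of the original message and not code from the attached patches, Gnuk or chopstx. It illustrates the behaviour described in the quoted text (LED on, wait up to 10 seconds for a button press, fail otherwise, in addition to the PIN). The `presence_hw` hooks, the 10 ms polling period, the PIN-before-button order and the rule that the button must be seen released before a press counts are assumptions of this example.

```c
/* Added example; every name here is hypothetical, not Gnuk or chopstx code. */
#include <stdbool.h>
#include <stdint.h>

#define PRESENCE_TIMEOUT_MS 10000u /* "up to 10 seconds", from the message */
#define POLL_MS 10u                /* assumption: GPIO polling period */

struct presence_hw {               /* board hooks supplied by the port */
  bool (*pressed)(void *ctx);      /* sample the button GPIO */
  void (*led)(void *ctx, bool on); /* drive the LED */
  void (*sleep_ms)(void *ctx, uint32_t ms);
  void *ctx;
};

/* True only if the button goes released -> pressed before the timeout, so a
   button that is stuck or jumpered down never counts as presence. */
static bool wait_for_presence(const struct presence_hw *hw)
{
  bool seen_released = false, ok = false;
  hw->led(hw->ctx, true);                  /* prompt the user */
  for (uint32_t t = 0; t < PRESENCE_TIMEOUT_MS && !ok; t += POLL_MS) {
    if (!hw->pressed(hw->ctx))
      seen_released = true;
    else if (seen_released)
      ok = true;
    if (!ok)
      hw->sleep_ms(hw->ctx, POLL_MS);
  }
  hw->led(hw->ctx, false);                 /* LED off on success and failure */
  return ok;
}

/* Presence is required in addition to the PIN, never instead of it. */
bool authorize(bool pin_ok, const struct presence_hw *hw) { return pin_ok && wait_for_presence(hw); }

/* Constructed simulation: button is held from `down` until `up` (ms). */
struct sim { uint32_t now, down, up; bool led; };
static bool sim_pressed(void *c) { struct sim *s = c; return s->now >= s->down && s->now < s->up; }
static void sim_led(void *c, bool on) { ((struct sim *)c)->led = on; }
static void sim_sleep(void *c, uint32_t ms) { ((struct sim *)c)->now += ms; }

bool simulate(bool pin_ok, uint32_t down, uint32_t up)
{
  struct sim s = { 0, down, up, false };
  struct presence_hw hw = { sim_pressed, sim_led, sim_sleep, &s };
  return authorize(pin_ok, &hw);
}

int main(void) { return simulate(true, 2000, 2500) ? 0 : 1; }
```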