[Gnuk-users] [PATCH RFC] Requiring a physical presence for authentication
gniibe at fsij.org
Thu Aug 10 19:39:04 UTC 2017
For Debconf 17 participants, I got the slot of 10AM Friday for Gnuk BoF.
Jonathan McDowell <noodles at earth.li> wrote:
> I've recently been playing with the Maple Mini as a GnuK device. It has
> a hardware button and an LED on it, and it occurred to me that I could
> add a requirement that the button must be pressed in order to perform
> any operation that requires PIN authentication. This is in *addition* to
> the PIN requirement, rather than instead of.
> The attached patches implement this; I've hacked up ac.c to turn on the
> LED and wait for up to 10 seconds for a button press, and return failure
> if one is not seen.
I agree that it is useful to support such UI.
For FS-BB48, I put a touch button; My plan was adding support for this
kind of UI to Gnuk. I only produced prototype of FS-BB48 (it's not in
mass production). I realized that it is not that cheap (it requires a
plastic part under the board). Gnuk enhancement for the UI have not yet
> It's hacky; I think ideally chopstx should be providing a pbutton()
> function or at least a way to query GPIOs rather than me open coding the
> function in ac.c, but it achieves what I want and thus seems to be a
> good start for potential discussion. Is this of interest to any one
Yes, it's good start with concrete code.
Last month, I got a report and patch directly to me. Its demo video is
For me, button's interfering the computation of device without informing
host sounds not good. In my opinion, it is better to improve the
protocol between host and the token. I mean, it is better for host
to know what's going on between user and the device.
> Finally although the Maple Mini is cheap and easy to play with it
> suffers from not being the best form factor. I'd much prefer something
> that I could attach to a (physical) keyring and not worry about. The
> FST-01 has a couple of GPIOs brought out IIRC, which would allow for a
> button + LED to be added, but it doesn't seem they're being produced any
Yes, it is possible attach button + LED to FST-01. There are still some
stocks at Seeed, but it is not available from Seeed Studio now,
unfortunately, due to their system change.
I will bring some of FST-01G, the version with no external flash, to the
venue of Debconf 17 on Friday.
More information about the gnuk-users