Projects scd

scdProject
ActivePublic
Watch Project

Members (1)
View All

Watchers
View All

  • This project does not have any watchers.

Recent Activity
View All

Jun 2 2020

gniibe added a comment to T4957: OpenPGP card protocol 3.4 with Yubikey.

I agree.
It (only) fixed a regression where a user can specify a fingerprint to select a card (rarely used feature in the scdaemon protocol).

Jun 2 2020, 2:09 AM · scd

May 29 2020

werner added a comment to T4957: OpenPGP card protocol 3.4 with Yubikey.

Ok. However, I don't think that the fingerprint is really important. We can compute it anyway as long as we have the creation date. The keygrip is meanwhile more important but that is also easy to compute.

May 29 2020, 11:33 AM · scd
gniibe added a commit to T4957: OpenPGP card protocol 3.4 with Yubikey: rGe285b1197b93: scd: Fix condition for C5 data object for newer Yubikey..
May 29 2020, 4:22 AM · scd
gniibe added a commit to T4957: OpenPGP card protocol 3.4 with Yubikey: rGf3df8dbb696f: scd: Fix condition for C5 data object for newer Yubikey..
May 29 2020, 4:20 AM · scd
gniibe added a comment to T4957: OpenPGP card protocol 3.4 with Yubikey.

Perhaps, no change would be required.
My major concern is that: the data object for fingerprints C5 and C6 were defined as fixed-size 60-byte objects (and actually _is_ defined still in the current specification of 3.4), but it's 80-byte (newer Yubikey), which might cause problem(s).

May 29 2020, 4:04 AM · scd

May 28 2020

werner added a comment to T4957: OpenPGP card protocol 3.4 with Yubikey.

Why do you think that we need to care about the attestation key? Where possible I take in new code in account that we will have more OpenPGP keys, but right now I don't think that is makes sense to replace our data structures for that the 3 element arrays we currently use are okay for the 3 standard keys. We can latter see how to replace them. At one place I already introduced something new:

May 28 2020, 2:25 PM · scd
werner added a comment to T4957: OpenPGP card protocol 3.4 with Yubikey.

Here is a dump of my token (Yubikey 5.2.6). I used the new apdu command of gpg-card along with "undump | dumpasn1 -", which saves quite some time:

May 28 2020, 2:19 PM · scd
gniibe added a comment to T4957: OpenPGP card protocol 3.4 with Yubikey.

Hand parsing the data object content:

fa 82 01 e2
   c1 06
      010800001100
   c1 06
      010c00001100
   c1 06
      011000001100
   c1 09
      132a8648ce3d030107
   c1 06
      132b81040022
   c1 06
      132b81040023
   c1 06
      132b8104000a
   c1 0a
      132b2403030208010107
   c1 0a
      132b240303020801010b
   c1 0a
      132b240303020801010d
   c1 0a
      162b06010401da470f01
   c1 0b
      162b060104019755010501
   c2 06
      010800001100
   c2 06
      010c00001100
   c2 06
      011000001100
   c2 09
      122a8648ce3d030107
   c2 06
      122b81040022
   c2 06
      122b81040023
   c2 06
      122b8104000a
   c2 0a
      122b2403030208010107
   c2 0a
      122b240303020801010b
   c2 0a
      122b240303020801010d
   c2 0a
      162b06010401da470f01
   c2 0b
      162b060104019755010501
   c3 06
      010800001100
   c3 06
      010c00001100
   c3 06
      011000001100
   c3 09
      132a8648ce3d030107
   c3 06
      132b81040022
   c3 06
      132b81040023
   c3 06
      132b8104000a
   c3 0a
      132b2403030208010107
   c3 0a
      132b240303020801010b
   c3 0a
      132b240303020801010d
   c3 0a
      162b06010401da470f01
   c3 0b
      162b060104019755010501
   da 06
      010800001100
   da 06
      010c00001100
   da 06
      011000001100
   da 09
      132a8648ce3d030107
   da 06
      132b81040022
   da 06
      132b81040023
   da 06
      132b8104000a
   da 0a
      132b2403030208010107
   da 0a
      132b240303020801010b
   da 0a
      132b240303020801010d
   da 0a
      162b06010401da470f01
   da 0b
      162b060104019755010501
May 28 2020, 8:34 AM · scd
gniibe added a comment to T4957: OpenPGP card protocol 3.4 with Yubikey.

And here is (raw) dump of the data object FA:

May 28 2020, 8:25 AM · scd
gniibe triaged T4957: OpenPGP card protocol 3.4 with Yubikey as Normal priority.

Here is the dump of "Application Related Data" (6E):

6e 82 01 47
   4f 10
      d2760001240103040006106160490000
   5f 52 08
      00730000e0059000
   7f 74 03
      810120
   73 82 01 20
      c0 0a
         7d000bfe080000ff0000
      c1 0b
         162b06010401da470f0100
      c2 0c
         122b06010401975501050100
      c3 0b
         162b06010401da470f0100
      da 06  <-------------------------------------- This is algorithm attributes for Attestation key (Yubikey specific)
         010800001100
      c4 07
         ff7f7f7f030003
      c5 50
         eeeed1b50b1b1d9c669033fe019e94a27992b44c
         d00b630fdcb5c4397d5ffbd69aa68a3ff9f8ed10
         1b2a3d46f4f0c5afd0115e7eb858d476daf64cdb
         0000000000000000000000000000000000000000  <--- This appears to be fingerprint of Attestation key
      c6 50
         0000000000000000000000000000000000000000
         0000000000000000000000000000000000000000
         0000000000000000000000000000000000000000
         0000000000000000000000000000000000000000  <--- This appears to be fingerprint of some key related to Attestation key???
      cd 10
         5e58b1e65e58b1c55e58b1f900000000
      de 08
         0102020203028102
   7f 66 08
      02020bfe02020bfe
   d6 02
      0020
   d7 02
      0020
   d8 02
      0020
   d9 02
      0020
May 28 2020, 8:15 AM · scd
gniibe created T4957: OpenPGP card protocol 3.4 with Yubikey.
May 28 2020, 8:11 AM · scd

May 7 2020

werner added a commit to T4938: Support Signature Card V2.0 (NKS15): rGaecc008acb64: scd:nks: Get the PIN prompts right for the Signature Card.
May 7 2020, 2:08 PM · scd, Feature Request, S/MIME
werner added a commit to T4938: Support Signature Card V2.0 (NKS15): rGaf45d884aa1c: scd:nks: Support decryption using ECDH..
May 7 2020, 8:20 AM · scd, Feature Request, S/MIME
werner created T4938: Support Signature Card V2.0 (NKS15).
May 7 2020, 8:18 AM · scd, Feature Request, S/MIME

Apr 2 2020

gniibe added a comment to T4864: New scdaemon command to watch device removal.

It runs like:

$ gpg-connect-agent "scd devinfo --watch" /bye
S DEVINFO_START
S DEVINFO_END
S DEVINFO_STATUS new
S DEVINFO_START
S DEVICE generic D276000124010200F517000000010000 openpgp
S DEVINFO_END
S DEVINFO_STATUS removal
S DEVINFO_START
S DEVINFO_END
OK
$
Apr 2 2020, 8:49 AM · Testing, Feature Request, scd, Bug Report
gniibe changed the status of T4864: New scdaemon command to watch device removal from Open to Testing.

Push the change to master.

Apr 2 2020, 8:46 AM · Testing, Feature Request, scd, Bug Report
gniibe added a commit to T4864: New scdaemon command to watch device removal: rG2ccbcfec121f: scd: New command DEVINFO..
Apr 2 2020, 8:45 AM · Testing, Feature Request, scd, Bug Report

Mar 20 2020

werner closed T4832: card: when KDF is enabled, use of pinpad input should be disabled as Resolved.
Mar 20 2020, 5:59 PM · Testing, gnupg (gpg22), scd, Bug Report
aheinecke added a comment to T4884: PKCS #15 support in gpgsm.

The return value that was mapped to invalid value was "SW_WRONG_LENGTH" so I tested using the codepath for the SW_EXACT_LENGTH sw return value, too and it worked for readcert.

Mar 20 2020, 3:52 PM · scd, S/MIME
aheinecke created T4884: PKCS #15 support in gpgsm.
Mar 20 2020, 12:27 PM · scd, S/MIME

Mar 19 2020

gniibe added a comment to T4864: New scdaemon command to watch device removal.

Created https://dev.gnupg.org/source/gnupg/history/gniibe%252Fscd-watch/

Mar 19 2020, 6:28 AM · Testing, Feature Request, scd, Bug Report

Mar 18 2020

werner moved T4832: card: when KDF is enabled, use of pinpad input should be disabled from Backlog to For next release on the gnupg (gpg22) board.
Mar 18 2020, 4:06 PM · Testing, gnupg (gpg22), scd, Bug Report
werner added a commit to T4832: card: when KDF is enabled, use of pinpad input should be disabled: rGb27e20a95cb7: scd: Disable pinpad if it's impossible by KDF DO..
Mar 18 2020, 4:06 PM · Testing, gnupg (gpg22), scd, Bug Report
werner added a comment to T4832: card: when KDF is enabled, use of pinpad input should be disabled.

Backported to 2.2

Mar 18 2020, 4:06 PM · Testing, gnupg (gpg22), scd, Bug Report

Mar 17 2020

gniibe closed T4880: npth: Add functions to wake up condition variable, a subtask of T4864: New scdaemon command to watch device removal, as Invalid.
Mar 17 2020, 2:59 AM · Testing, Feature Request, scd, Bug Report

Mar 16 2020

gniibe added a subtask for T4864: New scdaemon command to watch device removal: T4880: npth: Add functions to wake up condition variable.
Mar 16 2020, 6:03 AM · Testing, Feature Request, scd, Bug Report

Mar 12 2020

gniibe added a project to T4301: Handling multiple subkeys on two SmartCards: Testing.
Mar 12 2020, 6:45 AM · Testing, gnupg, scd, Bug Report
gniibe changed the status of T3300: scd: Support multiple readers by PC/SC driver from Open to Testing.
Mar 12 2020, 6:36 AM · Testing, gnupg (gpg23), scd
gniibe changed the status of T4673: 2.3-only: Don't fallback to PC/SC on failure by the internal CCID driver, only use PC/SC when --disable-ccid is specified from Open to Testing.
Mar 12 2020, 6:31 AM · Testing, scd, Feature Request

Mar 3 2020

gniibe triaged T4864: New scdaemon command to watch device removal as Normal priority.
Mar 3 2020, 8:26 AM · Testing, Feature Request, scd, Bug Report
gniibe claimed T4864: New scdaemon command to watch device removal.
Mar 3 2020, 8:26 AM · Testing, Feature Request, scd, Bug Report
gniibe created T4864: New scdaemon command to watch device removal.
Mar 3 2020, 8:26 AM · Testing, Feature Request, scd, Bug Report

Feb 28 2020

gniibe added a project to T4832: card: when KDF is enabled, use of pinpad input should be disabled: Testing.
Feb 28 2020, 8:39 AM · Testing, gnupg (gpg22), scd, Bug Report
gniibe changed the status of T3891: kdf-setup does not set admin and user PIN codes, a subtask of T3152: KDF DO support in OpenPGP card, from Open to Testing.
Feb 28 2020, 8:34 AM · scd
gniibe changed the status of T3891: kdf-setup does not set admin and user PIN codes from Open to Testing.

I pushed the change to master.

Feb 28 2020, 8:34 AM · Testing, scd, Bug Report
gniibe changed the status of T3891: kdf-setup does not set admin and user PIN codes, a subtask of T3823: gpg frontend support to setup KDF DO, from Open to Testing.
Feb 28 2020, 8:34 AM · scd
gniibe added a commit to T3891: kdf-setup does not set admin and user PIN codes: rG3ba7c9bcf7f1: scd: Improve setattr for KDF..
Feb 28 2020, 8:04 AM · Testing, scd, Bug Report

Feb 17 2020

gniibe added a commit to T4832: card: when KDF is enabled, use of pinpad input should be disabled: rG95c7498b7623: scd: Disable pinpad if it's impossible by KDF DO..
Feb 17 2020, 9:50 AM · Testing, gnupg (gpg22), scd, Bug Report
gniibe changed the status of T4832: card: when KDF is enabled, use of pinpad input should be disabled from Open to Testing.

Fixed in master.

Feb 17 2020, 9:48 AM · Testing, gnupg (gpg22), scd, Bug Report

Feb 12 2020

aheinecke claimed T4793: New GPGME API to support card personalization.
Feb 12 2020, 11:59 AM · scd, gpgme

Jan 31 2020

werner edited projects for T4832: card: when KDF is enabled, use of pinpad input should be disabled, added: gnupg (gpg22); removed gnupg.
Jan 31 2020, 11:30 AM · Testing, gnupg (gpg22), scd, Bug Report

Jan 30 2020

gniibe claimed T4832: card: when KDF is enabled, use of pinpad input should be disabled.
Jan 30 2020, 5:19 PM · Testing, gnupg (gpg22), scd, Bug Report
gniibe created T4832: card: when KDF is enabled, use of pinpad input should be disabled.
Jan 30 2020, 5:19 PM · Testing, gnupg (gpg22), scd, Bug Report

Jan 28 2020

Arnaud added a comment to T3891: kdf-setup does not set admin and user PIN codes.

I would prefer to have a procedure that do not reset PINs to their default values, but as long as all PINs are set to known and valid values when KDF is setup it will not make the token unusable after that, so it seems reasonable to me.

Jan 28 2020, 10:09 AM · Testing, scd, Bug Report
gniibe added a comment to T3891: kdf-setup does not set admin and user PIN codes.

Or, #5 would be:

Jan 28 2020, 1:59 AM · Testing, scd, Bug Report

Jan 27 2020

gniibe added a comment to T3891: kdf-setup does not set admin and user PIN codes.

@Amaud, I read your code in Python. IIUC, it asks users PW1, Reset Code, and PW3 to setup, just before registering KDF DO (as you describe in https://dev.gnupg.org/T3891#114950).

Jan 27 2020, 5:30 AM · Testing, scd, Bug Report

Jan 24 2020

gniibe added a comment to T3891: kdf-setup does not set admin and user PIN codes.

Thanks for concrete cases. Sorry, not responding earlier. It was an experimental feature, firstly only available in Gnuk Token.

Jan 24 2020, 12:19 AM · Testing, scd, Bug Report

Jan 23 2020

Arnaud added a comment to T3891: kdf-setup does not set admin and user PIN codes.

I implemented the script described previsouly (https://dev.gnupg.org/T3891#114950) in the smartpgp-cli utility provided in the SmartPGP repository (see commit https://github.com/ANSSI-FR/SmartPGP/commit/4be0fa442b43c2bafd5f0171417ff68fd88cbe2d).

Jan 23 2020, 7:53 PM · Testing, scd, Bug Report

Jan 22 2020

szszszsz-nitrokey added a comment to T3891: kdf-setup does not set admin and user PIN codes.

Some users of ours wanted to use KDF with their OpenPGP smart cards. Could you tell when solution to this issue could be expected?
Additionally, is there any workaround for the current state? Perhaps based on T3823, or on derived [1]? To which values the PINs had to be set?

Jan 22 2020, 5:25 PM · Testing, scd, Bug Report

Jan 16 2020

gniibe closed T4784: Remove referring a key by $AUTHKEYID, $ENCRKEYID, and $SIGNKEYID as Resolved.
Jan 16 2020, 5:17 AM · scd, Feature Request, gnupg