scdProject
ActivePublic

Watchers

  • This project does not have any watchers.

Recent Activity

Oct 15 2018

gniibe renamed T4177: card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN from card: After "forcesig" command makes "not forced", signing fails by: Bad PIN to card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN.
Oct 15 2018, 10:36 AM · scd, gnupg (gpg22)
gniibe changed the status of T4158: UIF (User Interaction Flag) DO support from Open to Testing.
Oct 15 2018, 4:28 AM · Feature Request, scd, gnupg
gniibe added a commit to T4177: card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN: rG78f542e1f449: scd: Fix signing authentication status..
Oct 15 2018, 4:25 AM · scd, gnupg (gpg22)
gniibe added a commit to T4177: card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN: rG7e2b0488d135: scd: Fix signing authentication status..
Oct 15 2018, 4:25 AM · scd, gnupg (gpg22)
gniibe changed the status of T4177: card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN from Open to Testing.
Oct 15 2018, 4:24 AM · scd, gnupg (gpg22)
gniibe updated the task description for T4177: card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN.
Oct 15 2018, 3:59 AM · scd, gnupg (gpg22)
gniibe updated the task description for T4177: card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN.
Oct 15 2018, 3:57 AM · scd, gnupg (gpg22)
gniibe created T4177: card: After "forcesig" command makes card "not forced", signing fails by: Bad PIN.
Oct 15 2018, 3:56 AM · scd, gnupg (gpg22)

Sep 27 2018

gniibe added a commit to T4158: UIF (User Interaction Flag) DO support: rG0cb65564e022: g10,scd: Support UIF changing command..
Sep 27 2018, 10:09 AM · Feature Request, scd, gnupg
gniibe added a comment to T4158: UIF (User Interaction Flag) DO support.

Interaction will be something like this:

Sep 27 2018, 8:47 AM · Feature Request, scd, gnupg
gniibe claimed T4158: UIF (User Interaction Flag) DO support.

Priority is high, because Gnuk Token requires this feature for testing its implementation.

Sep 27 2018, 8:31 AM · Feature Request, scd, gnupg
gniibe created T4158: UIF (User Interaction Flag) DO support.
Sep 27 2018, 8:30 AM · Feature Request, scd, gnupg

Aug 24 2018

nephirus closed T4097: scdaemon does not handle extended APDUs correctly as Invalid.

Thank you for the clarification. For now, I'll modify our implementation to use shorter length representation and close this bug as Invalid.
However, I'm still not convinced that using hard-coded arguments is the right way to handle requests. I'll do some more testing and if I discover a legitimate use-case that requires long APDUs, I'll reopen the issue.

Aug 24 2018, 5:38 PM · scd, Bug Report

Aug 17 2018

gniibe added a comment to T4097: scdaemon does not handle extended APDUs correctly.

Thanks for the information.

Aug 17 2018, 1:58 AM · scd, Bug Report

Aug 16 2018

nephirus added a comment to T4097: scdaemon does not handle extended APDUs correctly.

In our implementation, DO 0x6E contains:

Aug 16 2018, 12:15 PM · scd, Bug Report
gniibe added a comment to T4097: scdaemon does not handle extended APDUs correctly.

I don't understand the reason why 0x6E (Application Related Data) can be so long. What OpenPGP card implementation do you have?

Aug 16 2018, 6:22 AM · scd, Bug Report
gniibe claimed T4097: scdaemon does not handle extended APDUs correctly.
Aug 16 2018, 6:16 AM · scd, Bug Report

Aug 14 2018

nephirus created T4097: scdaemon does not handle extended APDUs correctly.
Aug 14 2018, 12:41 PM · scd, Bug Report

Jun 12 2018

gniibe renamed T4004: Curve25519 for Zeitcontrol card from Curve22519 for Zeitcontrol card to Curve25519 for Zeitcontrol card.
Jun 12 2018, 9:51 AM · Feature Request, scd

Jun 6 2018

werner triaged T3891: kdf-setup does not set admin and user PIN codes as Normal priority.
Jun 6 2018, 5:57 PM · scd, Bug Report
Arnaud added a comment to T3891: kdf-setup does not set admin and user PIN codes.

Here is a sequence of operations/commands that permits to setup or update KDF-DO and align PIN codes accordingly:

Jun 6 2018, 2:58 PM · scd, Bug Report
gniibe closed T3823: gpg frontend support to setup KDF DO as Resolved.
Jun 6 2018, 3:41 AM · scd
gniibe closed T3823: gpg frontend support to setup KDF DO, a subtask of T3152: KDF DO support in OpenPGP card, as Resolved.
Jun 6 2018, 3:41 AM · scd

May 30 2018

werner created T4004: Curve25519 for Zeitcontrol card.
May 30 2018, 12:15 PM · Feature Request, scd

Apr 27 2018

dirk added a comment to T3576: Open PGP SmartCard V2.1 - decryption error: ERR 100663364 Missing item in object <SCD>.

Now there it gets complicated. According to the card software author in 3.3 and even 2.2 there is a fix. BUT there was a small amount of cards already created in 3.3 without the fix. Nobody ever told my how to diferentiate them.
There is no Version 3.3.1 you can by - it is only 3.3. So you can buy one and hope you have a good one.
At least this is my understanding.

Apr 27 2018, 10:20 PM · Info Needed, scd, Bug Report

Apr 26 2018

ThePowerOfDreams added a comment to T3576: Open PGP SmartCard V2.1 - decryption error: ERR 100663364 Missing item in object <SCD>.

Does v3.3.1 fix this? (The release notes for it seem to imply that's not the case.)

Apr 26 2018, 2:45 PM · Info Needed, scd, Bug Report

Apr 20 2018

gniibe added a comment to T3781: ECC encryption key on-card generation broken.

@nitroalex Perhaps, creating new ticker is better for this topic.
In the current OpenPGP card specification, there is no way for an application (except having a list of card implementation information) to know wich algo and which curve is supported or not.
So, what an application does is try and error.
I don't like this situation, but I don't know how we can modify the specification.

Apr 20 2018, 10:10 AM · g10, scd, Bug Report

Apr 19 2018

nitroalex added a comment to T3781: ECC encryption key on-card generation broken.

Well, I surely would agree (and this is only a proposal anyway), but my point here is, that OpenPGP Card does not support Curve 25519, so that one *have to* choose between those other two. Considering me a tinfoil hat person, I would rather not choose NIST, as many others wouldn't too.

Apr 19 2018, 2:27 PM · g10, scd, Bug Report

Apr 17 2018

werner closed T3842: OpenPGP Smart card V2.1 returns truncated RSA signatures if leading bytes of signature are 0 as Invalid.
Apr 17 2018, 8:33 PM · Not A Bug, scd

Apr 13 2018

werner added a comment to T3781: ECC encryption key on-card generation broken.

Neither Brainpool nor NIST curves make any sense unless there is an organizational policy requirement. Thus the --expert requirement is the Right Thing (tm).

Apr 13 2018, 12:53 PM · g10, scd, Bug Report

Apr 12 2018

nitroalex added a comment to T3781: ECC encryption key on-card generation broken.

works just fine, thx!

Apr 12 2018, 3:30 PM · g10, scd, Bug Report

Apr 11 2018

gniibe added a comment to T3891: kdf-setup does not set admin and user PIN codes.

For the situation where PINs are not factory setting, given the specification, I don't know how to achieve "to align all PWs and the KDF-DO with correct values"; It might depend on card's implementation.

Apr 11 2018, 11:07 AM · scd, Bug Report
Arnaud added a comment to T3891: kdf-setup does not set admin and user PIN codes.

You are right about the fact that multiple steps could result in unusable cards in case of power down before all commands have been issued. Nevertheless, in practice, these commands would involve very few treatments on the token (i.e. no cryptographic operation or heavy data transfer) and it should really not take long to complete the three steps (admin PIN update, user PIN update, KDF-DO update).

Apr 11 2018, 10:29 AM · scd, Bug Report
gniibe added a project to T3843: Unable to generate RSA4096 keys on Yubikey 4 on OSX Sierra: Info Needed.
Apr 11 2018, 10:02 AM · Info Needed, MacOS, yubikey, scd, Bug Report
gniibe triaged T3843: Unable to generate RSA4096 keys on Yubikey 4 on OSX Sierra as Normal priority.
Apr 11 2018, 10:02 AM · Info Needed, MacOS, yubikey, scd, Bug Report
gniibe closed T3825: Scdaemon needs to restart after wake up from sleep mode for YubiKey to work on Windows as Resolved.

Workaround is implemented in 2.2.6.

Apr 11 2018, 1:59 AM · gpg4win, gpgagent, gnupg (gpg22), scd, Windows, Bug Report, yubikey
gniibe closed T3781: ECC encryption key on-card generation broken as Resolved.

Fixed in 2.2.6.

Apr 11 2018, 1:58 AM · g10, scd, Bug Report
gniibe claimed T3891: kdf-setup does not set admin and user PIN codes.
Apr 11 2018, 1:13 AM · scd, Bug Report

Apr 10 2018

gniibe added a comment to T3891: kdf-setup does not set admin and user PIN codes.

My interpretation of the specification is different.
By requiring the condition of setting KDF-DO (it is only valid to setup KDF-DO when PINs are factory setting), Gnuk works well with current "kdf-setup".
If the procedure of setting KDF-DO includes multiple steps with KDF-DO update and PIN update, there is a risk of power down which results unusable card.

Apr 10 2018, 11:38 PM · scd, Bug Report
Arnaud added a subtask for T3152: KDF DO support in OpenPGP card: T3891: kdf-setup does not set admin and user PIN codes.
Apr 10 2018, 2:41 PM · scd
Arnaud added parent tasks for T3891: kdf-setup does not set admin and user PIN codes: T3152: KDF DO support in OpenPGP card, T3823: gpg frontend support to setup KDF DO.
Apr 10 2018, 2:41 PM · scd, Bug Report
Arnaud added a subtask for T3823: gpg frontend support to setup KDF DO: T3891: kdf-setup does not set admin and user PIN codes.
Apr 10 2018, 2:41 PM · scd
Arnaud created T3891: kdf-setup does not set admin and user PIN codes.
Apr 10 2018, 2:41 PM · scd, Bug Report

Apr 5 2018

werner added projects to T3843: Unable to generate RSA4096 keys on Yubikey 4 on OSX Sierra: scd, yubikey.
Apr 5 2018, 5:22 PM · Info Needed, MacOS, yubikey, scd, Bug Report

Apr 3 2018

gniibe added a comment to T3842: OpenPGP Smart card V2.1 returns truncated RSA signatures if leading bytes of signature are 0.

Yes, I meant the document. Please note that I am also one of users of the specification (for GnuPG, and for Gnuk Token). I am not defending, but try to explain the current situation.

Apr 3 2018, 1:30 AM · Not A Bug, scd

Apr 2 2018

MSoegtrop added a comment to T3842: OpenPGP Smart card V2.1 returns truncated RSA signatures if leading bytes of signature are 0.

I was referring to this document:

Apr 2 2018, 11:25 AM · Not A Bug, scd
gniibe added a comment to T3842: OpenPGP Smart card V2.1 returns truncated RSA signatures if leading bytes of signature are 0.

You describe it as 'manual'. AFAIK, it's the specification for the functionality.
I have an experience implementing the functionality, following the specification.
And my own implementation does always return 512 bytes for RSA-4096. So, I could support your opinion.

Apr 2 2018, 7:16 AM · Not A Bug, scd

Mar 30 2018

gniibe added a comment to T3152: KDF DO support in OpenPGP card.

I realized that KDF support may be incompatible to Gnuk's feature of "admin-less" mode.
I'm going to implement compatible KDF support to Gnuk; That is, KDF data which only has a single salt.
In this case, all KDF calculation (user, reset-code, and admin) is done with the single salt.
With single salt, admin-less mode can work with no problem.

Mar 30 2018, 4:59 AM · scd
gniibe changed the status of T3781: ECC encryption key on-card generation broken from Open to Testing.
Mar 30 2018, 4:52 AM · g10, scd, Bug Report
gniibe added a comment to T3781: ECC encryption key on-card generation broken.

Furthermore, I changed to have an explicit command: key-attr

Mar 30 2018, 4:52 AM · g10, scd, Bug Report