forked from Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
787 lines
24 KiB
787 lines
24 KiB
Gnuk NEWS - User visible changes |
|
|
|
* Major changes in Gnuk 1.2.6 |
|
|
|
Released 2017-10-11, by NIIBE Yutaka |
|
|
|
** Port to GNU/Linux emulation |
|
We can "run" Gnuk Token on GNU/Linux by emulation through USBIP. |
|
|
|
** Upgrade of Chopstx |
|
We use Chopstx 1.5. |
|
|
|
|
|
* Major changes in Gnuk 1.2.5 |
|
|
|
Released 2017-08-11, by NIIBE Yutaka |
|
|
|
** "factory-reset" fix |
|
Gnuk's behavior was implemented by referring the gpg implementation. |
|
It found that gpg implementation was not good from the viewpoint of |
|
the OpenPGP card specification. GnuPG was fixed to match the OpenPGP |
|
card specification already. Thus, Gnuk is now fixed. |
|
|
|
** Upgrade of Chopstx |
|
We use Chopstx 1.4. |
|
|
|
|
|
* Major changes in Gnuk 1.2.4 |
|
|
|
Released 2017-05-12, by NIIBE Yutaka |
|
|
|
** Flash ROM security fix |
|
The partial content of flash ROM might be exposed when scanning of |
|
data object had a problem. Added boundary check and changed layout of |
|
flash ROM. |
|
|
|
|
|
* Major changes in Gnuk 1.2.3 |
|
|
|
Released 2017-02-02, by NIIBE Yutaka |
|
|
|
** ECC key generation on the device |
|
Bug fixed. |
|
|
|
** Upgrade of Chopstx |
|
We use Chopstx 1.3. |
|
|
|
|
|
* Major changes in Gnuk 1.2.2 |
|
|
|
Released 2016-10-15, by NIIBE Yutaka |
|
|
|
** Change of SELECT FILE behavior |
|
Gnuk used to reply AID upon SELECT FILE command. Now, to be compatible |
|
to original OpenPGP card, it returns nothing but status code of 9000. |
|
|
|
** Added feature of Factory Reset as compile time option |
|
Original OpenPGP card has the feature, and Gnuk is now configurable to |
|
support the feature. |
|
|
|
** Upgrade of Chopstx |
|
We use Chopstx 1.2. |
|
|
|
|
|
* Major changes in Gnuk 1.2.1 |
|
|
|
Released 2016-07-11, by NIIBE Yutaka |
|
|
|
** Upgrade of Chopstx |
|
We use Chopstx 1.1. |
|
|
|
|
|
* Major changes in Gnuk 1.2.0 |
|
|
|
Released 2016-05-20, by NIIBE Yutaka |
|
|
|
** Upgrade of Chopstx |
|
We use Chopstx 0.11. |
|
|
|
** Support authentication status reset by VERIFY command. |
|
This feature is described in the OpenPGPcard specification V2.2 and |
|
V3.1, which allow user to reset authentication status. |
|
|
|
** S2K algorithm tweak to defeat "copycat" service of MCU. |
|
Even if the existence of some services copying MCU, your private key |
|
will not be controled by others, in some cases. |
|
|
|
** Bug fix for secp256k1 and NIST P-256. |
|
Bugs in basic computation were fixed. |
|
|
|
** Bug fix for bignum routines. |
|
Bignum routine update from upstream (failure doesn't occur for our RSA |
|
computation, though). Another fix for mpi_exp_mod. |
|
|
|
|
|
* Major changes in Gnuk 1.1.9 |
|
|
|
Released 2015-09-18, by NIIBE Yutaka |
|
|
|
** Bug fix for Ed25519 and Curve25519 |
|
When registering key, wrong operations were not detected correctly. |
|
This is fixed. |
|
|
|
|
|
* Major changes in Gnuk 1.1.8 |
|
|
|
Released 2015-09-17, by NIIBE Yutaka |
|
|
|
** Upgrade of Chopstx |
|
We use Chopstx 0.10, which supports Nitrokey-Start. |
|
|
|
** Card serial number |
|
The way to determine a serial number of Gnuk Token for card has been |
|
changed. It uses the 96-bit unique bits of MCU, but the portion for |
|
use is changed. |
|
|
|
** USB Reset handling |
|
USB reset lets Gnuk Token restart. It would not be perfect, when it's |
|
during computation of some function, but most parts are protected by |
|
Chopstx's feature of cancellation. |
|
|
|
|
|
* Major changes in Gnuk 1.1.7 |
|
|
|
Released 2015-08-05, by NIIBE Yutaka |
|
|
|
** Upgrade of Chopstx |
|
We use Chopstx 0.08, which supports STM32 Nucleo and ST Dongle. |
|
|
|
|
|
* Major changes in Gnuk 1.1.6 |
|
|
|
Released 2015-07-21, by NIIBE Yutaka |
|
|
|
** USB SerialNumber String |
|
The way to determine a serial number of Gnuk Token has been changed. |
|
It uses the 96-bit unique bits of MCU, but the portion for use is |
|
changed. |
|
|
|
** Upgrade of Chopstx |
|
We use Chopstx 0.07, which supports STM32 Primer2 and CQ STARM, too. |
|
|
|
** Experimental Curve25519 support. |
|
|
|
Gnuk can support Curve25519 (for decryption). Note that this is |
|
pretty much experimental, and subjects to change. The low level code |
|
is somehow stable, but there are no consensus in higer level. |
|
Especially, OID in the key attribute would be changed in future. |
|
|
|
** No --enable-keygen option |
|
It is now standard feature included always. Note that it doesn't mean |
|
this feature is stable now. It is becoming stable, hopefully. |
|
|
|
|
|
* Major changes in Gnuk 1.1.5 |
|
|
|
Released 2015-06-03, by NIIBE Yutaka |
|
|
|
** upgrade_by_passwd.py is not so noisy any more. |
|
Since it's getting stable, no debug output any more. |
|
|
|
** Maple mini support. |
|
Although its random number generation is not tested, Maple mini |
|
support is added. |
|
|
|
** Windows interoperability fix. |
|
1.1.x (0 to 4) didn't work with Windows because of INTERRUPT transfer. |
|
It's fixed and it works now. |
|
|
|
** OpenPGPcard specification v3.0 compatibility. |
|
OpenPGPcard specification v3.0 now include NIST curves (and other |
|
curves) and ECDSA and ECDH operations are defined. Gnuk follows |
|
this specification. |
|
|
|
|
|
* Major changes in Gnuk 1.1.4 |
|
|
|
Released 2014-12-15, by NIIBE Yutaka |
|
|
|
** Experimental RSA-4096 support. |
|
Although it takes too long (more than 8.7 second), RSA-4096 |
|
is now implemented. |
|
|
|
** ECDH support. |
|
ECDH is now supported. You need development branch (master) |
|
of GnuPG to use this feature. |
|
|
|
** ECDSA and EdDSA is not that experimental. |
|
You don't need to edit DEFS variable in src/Makefile. |
|
|
|
** STM8S_DISCOVERY is not supported any more. |
|
It's flash ROM size (64KiB) is a bit small to have all features of |
|
Gnuk now. If you manually edit code to limit the size of executable, |
|
it still could run Gnuk, though. |
|
|
|
** configure's default target is now FST-01. |
|
Receiving reports from those who complain default target, I |
|
reconsidered. Those who has Olimex STM32 H103 usually has JTAG |
|
debugger, while FST-01 users don't. So, to be safe, the default |
|
target is now FST-01, instead of Olimex STM32 H103. |
|
|
|
|
|
* Major changes in Gnuk 1.1.3 |
|
|
|
Released 2014-04-16, by NIIBE Yutaka |
|
|
|
** Experimental EdDSA support. |
|
After configure, you can edit the DEFS variable in src/Makefile, so |
|
that Gnuk can support EdDSA with Ed25519 (for authentication). Note |
|
that this is pretty much experimental, and subjects to change. |
|
|
|
|
|
* Major changes in Gnuk 1.1.2 |
|
|
|
Released 2014-03-07, by NIIBE Yutaka |
|
|
|
** Experimental ECC support for secp256k1. |
|
After configure, you can edit the DEFS variable in src/Makefile, so |
|
that Gnuk can support ECDSA with NIST P256 (for authentication), and |
|
ECDSA with secp256k1 (for signature). Note that this is pretty much |
|
experimental, and subjects to change. |
|
|
|
|
|
* Major changes in Gnuk 1.1.1 |
|
|
|
Released 2013-12-25, by NIIBE Yutaka |
|
|
|
** Tools and test suite now work with PyUSB 1.0, too. |
|
It only worked with PyUSB 0.4.3, but it works with PyUSB 1.0 too. |
|
|
|
** Improved RSA routine |
|
Working memory for RSA computation is taken from stack instead of |
|
malloc (mostly). |
|
|
|
|
|
* Major changes in Gnuk 1.1.0 |
|
|
|
Released 2013-12-20, by NIIBE Yutaka |
|
|
|
** Overriding key import / generation (Incompatible Change) |
|
Gnuk supports overriding key import or key generation even if keys are |
|
already installed. Note that it will result password reset of user. |
|
|
|
** RSA key generation improvement |
|
Prime number generation is done by Fouque-Tibouchi method. |
|
|
|
** Security fix for RSA computation |
|
PolarSSL had a vulnerability against timing attack. For detail, |
|
please see: |
|
|
|
http://www.gniibe.org/memo/development/gnuk/polarssl/polarssl-rsa-blinding |
|
|
|
** Improved RSA routine |
|
RSA computation has been improved using MPI square routine. Note that |
|
you should not adopt this modification for general purpose computer, |
|
as this change is weak against the Yarom/Falkner flush+reload cache |
|
side-channel attack. |
|
|
|
** Upgrade of NeuG |
|
The true random number generator was upgraded to the one of NeuG 1.0. |
|
|
|
** Replacement of kernel (thread library) |
|
Instead of ChibiOS/RT, we now use Chopstx. |
|
|
|
** Removal of obsolete features |
|
The feature named pin-dial, which is pin input with hardware |
|
enhancement (with rotary encoder) is removed. |
|
|
|
|
|
* Major changes in Gnuk 1.0.4 |
|
|
|
Released 2013-03-15, by NIIBE Yutaka |
|
|
|
** Relocatable reGNUal, really |
|
In 1.0.3, reGNUal was not fully relocatable. It worked loaded on higher |
|
address, but didn't work for lower address. This was fixed. |
|
|
|
|
|
* Major changes in Gnuk 1.0.3 |
|
|
|
Released 2013-03-14, by NIIBE Yutaka |
|
|
|
** Relocatable reGNUal |
|
The upgrade helper, reGNUal, is now relocatable (other than the first |
|
vector table). It runs well when loaded at different address. This |
|
makes the upgrade procedure more stable. |
|
|
|
** Compilation by newer GNU Toolchain |
|
Now, Gnuk can be compiled with newer GNU Toolchain, specifically GCC |
|
4.7.x and GNU Binutils 2.22. Old versions of Gnuk had problem for |
|
ChibiOS_2.0.8/os/ports/GCC/ARMCMx/cmsis/core_cm3.c, which was fixed. |
|
|
|
** Data object 0x0073 |
|
Data object 0x0073 is now available. |
|
|
|
|
|
* Major changes in Gnuk 1.0.2 |
|
|
|
Released 2013-02-15, by NIIBE Yutaka |
|
|
|
** Product string is now "Gnuk Token" (was: "FSIJ USB Token") |
|
Since the USB ID Repository suggests not including vendor name |
|
in product string, we changed the product string. |
|
|
|
** New tool (experimental): test/upgrade_by_passwd.py |
|
This is the tool to install new firmware to Gnuk Token, provided |
|
that it's just shipped from factory (and nothing changed). It |
|
authenticate as admin by factory setting, register a public key |
|
for firmware upgrade, and then, does firmware upgrade. |
|
|
|
** tool/gnuk_upgrade.py supports '-k' option |
|
It now supports RSA key on the host PC (not the one on the Token). |
|
|
|
** New tool: tool/get_raw_public_key.py |
|
This is a script to dump raw data of RSA public key, which is useful |
|
to register to Gnuk Token as a firmware upgrade key. |
|
|
|
** New tool: tool/gnuk_remove_keys_libusb.py |
|
This tool is libusb version of gnuk_remove_keys.py. Besides, a bug in |
|
gnuk_remove_keys.py was fixed. |
|
|
|
** CCID protocol fix |
|
When time extension is requested by Gnuk Token to host PC, argument |
|
field was 0, which was wrong (but it works for most PC/SC |
|
implementations and GnuPG internal driver). Now it's 1, which means |
|
1*BWT. |
|
|
|
** OpenPGP card protocol enhancement |
|
Now, VERIFY command accepts empty data and returns remaining trial |
|
counts, or 0x9000 (OK) when it's already authenticated. This is |
|
useful for application to synchronize card's authentication status. |
|
|
|
|
|
* Major changes in Gnuk 1.0.1 |
|
|
|
Released 2012-08-03, by NIIBE Yutaka |
|
|
|
** USB SerialNumber String |
|
In 1.0, it has a bug for USB SerialNumber String. It has been fixed |
|
in 1.0.1. |
|
|
|
|
|
* Major changes in Gnuk 1.0 |
|
|
|
Released 2012-07-21, by NIIBE Yutaka |
|
|
|
This is bug fixes only release. |
|
|
|
|
|
* Major changes in Gnuk 0.21 |
|
|
|
Released 2012-07-06, by NIIBE Yutaka |
|
|
|
** Test suite |
|
A functinality test suite is added under test/ directory. |
|
|
|
** New tool: stlinkv2.py |
|
This tool is SWD flash ROM writer with ST-Link/V2. |
|
|
|
** New tool: usb_strings.py |
|
This tool is to dump USB strings, which include revision detail and config |
|
options. |
|
|
|
** Protection improvement (even when internal data is disclosed) |
|
Even if PW1 and PW3 is same, content of encrypted DEK is different |
|
now. |
|
|
|
|
|
* Major changes in Gnuk 0.20 |
|
|
|
Released 2012-06-19, by NIIBE Yutaka |
|
|
|
** Key generation feature added |
|
Finally, key generation is supported. Note that it may be very slow. |
|
It may take a few minutes (or more) to generate two or three keys, |
|
when you are unlucky. |
|
|
|
** DnD pinentry support is deprecated |
|
Once, DnD pinentry was considered a great feature, but it found that |
|
it is difficult to remember moves of folders. |
|
|
|
** gnuk_upgrade.py assumes using another token for authentication |
|
Use of another token for authentication is assumed now. This is |
|
incompatible change. Note that when you upgrade a token of version |
|
0.19 to 0.20 (or later), you need gnuk_upgrade.py of version 0.19. |
|
|
|
** KDF (Key Derivation Function) is now SHA-256 |
|
Keystring is now computed by SHA-256 (it was SHA1 before). |
|
|
|
** Protection improvements (even when internal data is disclosed) |
|
Three improvements. (1) Even if PW1 and Reset-code is same, content |
|
of encrypted DEK is different now. (2) DEK is now encrypted and |
|
decrypted by keystring in ECB mode (it was just a kind of xor by |
|
single block CFB mode). (3) Key data plus checksum are encrypted in |
|
CFB mode with initial vector (it will be able to switch OCB mode |
|
easily). |
|
|
|
** LED display output change |
|
LED display output by Gnuk is now more reactive. It shows status code |
|
when it gets GET_STATUS message of CCID. When you communicate Gnuk by |
|
internal CCID driver of GnuPG (instead of PC/SC), and enable |
|
'debug-disable-ticker' option in .gnupg/scdaemon.conf, it is more |
|
silent now. |
|
|
|
|
|
* Major changes in Gnuk 0.19 |
|
|
|
Released 2012-06-06, by NIIBE Yutaka |
|
|
|
** Firmware upgrade feature |
|
Firmware upgrade is now possible after the public key authentication |
|
using EXTERNAL AUTHENTICATE command of ISO 7816. Firmware upgrade is |
|
done together with reGNUal, the firmware upgrade program. |
|
|
|
** System service blocks at the beginning of flash ROM. |
|
Once flash ROM is protected, first 4-KiB cannot be modified. Gnuk |
|
use this area for "system service". Note that this area will not |
|
be able to be modified by firmware upgrade (or by any method). |
|
|
|
** New tool: gnuk_upgrade.py |
|
The tool gnuk_upgrade.py is to do public key authentication using |
|
gpg-agent and send reGNUal to Gnuk. Then, we put new Gnuk binary |
|
into the device with reGNUal. |
|
|
|
** USB strings for revision detail, configure options, and system service. |
|
USB strings now have more information. There are revision detail |
|
string, configure options string, system service version string, as |
|
well as vendor string and product string. These strings could be |
|
examined to check Gnuk Token. |
|
|
|
|
|
* Major changes in Gnuk 0.18 |
|
|
|
Released 2012-05-15, by NIIBE Yutaka |
|
|
|
** New mandatory option '--vidpid' for configure |
|
You must specify USB vendor ID and product ID for Gnuk. |
|
The file GNUK_USB_DEVICE_ID lists valid USB device IDs. |
|
|
|
** New tool: gnuk_remove_keys.py |
|
The tool gnuk_remove_keys.py is to remove all keys in Gnuk Token |
|
and reset PW1 and RC (if any). |
|
|
|
** New USB stack |
|
Gnuk used to use USB stack of USB-FS-Device_Lib by ST. Now, it has |
|
original implementation. Hopefully, size and quality are improved. |
|
|
|
|
|
* Major changes in Gnuk 0.17 |
|
|
|
Released 2012-02-02, by NIIBE Yutaka |
|
|
|
** USB CCID/ICCD protocol implementation change |
|
Gnuk now only supports short APDU level exchange, not supporting |
|
extended APDU level exchange. Thus, Gnuk could be compatible to older |
|
host side software implementation. |
|
|
|
** ISO 7816 SELECT command behavior is somewhat strict now |
|
Old implementations do not check DF name for SELECT command. |
|
This causes some trouble when Gnuk Token is identified as if it were |
|
different card/token. Now, DF name of OpenPGP card is checked. |
|
|
|
** USB CCID/ICCD low-level bug is fixed |
|
When the size of command APDU data is just 49, the lower level packet |
|
size is 64. This is maximum size of BULK-OUT transfer packet, and |
|
caused trouble in the past implementations. Example is setting url |
|
(0x5f50) as: http://www.gniibe.org/adpu-string-size-is-just-49 |
|
This is because the past implementations expect ZLP (zero length |
|
packet). Now, it has been fixed. You can use any size of string. |
|
|
|
** CERT.3 Data Object (0x7f21) is now optional |
|
As there's no valid use case for this data object and it does not |
|
work as current version of GnuPG, this is now optional feature. |
|
You can enable this data object by specifying --enable-certdo at |
|
configure time. |
|
|
|
** With DnD pinentry, user can cancel pin input |
|
Now, user can cancel pin input by unmounting device before finishing |
|
DnD. |
|
|
|
** New tool: pinpadtest.py |
|
The tool pinpadtest.py is PC/SC test tool for pinentry of pinpad with |
|
OpenPGP card v2. |
|
|
|
|
|
* Major changes in Gnuk 0.16 |
|
|
|
Released 2011-12-14, by NIIBE Yutaka |
|
|
|
** DnD pinentry support is added and it's default to pinentry support |
|
DnD pinentry support doesn't require any hardware extension, but |
|
emulates mass storage class device of USB. User inputs pass phrase |
|
by "drag and drop"-ing folders using file manager or something. |
|
|
|
** Bug fix for VERIFY for CHV2 |
|
With no keys, VERIFY command for CHV2 used to fail even if pass phrase |
|
is correct. It was intentional, because CHV2 verification would be |
|
useless with no keys. But there is a corner case for PRIVATE-DOs, |
|
which may requires CHV2 verification. Even though Gnuk doesn't |
|
support any PRIVATE-DOs, it is good to be fixed. |
|
|
|
** Changed bcdUSB = 1.1 |
|
Gnuk device conforms to USB 2.0 full speed device, but when it was |
|
2.0, some OS informs users, "you can connect the device to 2.0 |
|
compliant hub so that it can have better bandwidth", which is not |
|
the case for full speed device. |
|
|
|
|
|
* Major changes in Gnuk 0.15 |
|
|
|
Released 2011-11-24, by NIIBE Yutaka |
|
|
|
** New targets: FST_01 and FST_01_00 |
|
Flying Stone Technology's open hardware, Flying Stone Tiny 01 is |
|
supported. |
|
|
|
** Flash writing tool for "DfuSe" is improved |
|
Now, it supports holes and unaligned blocks in hex file. |
|
|
|
** Experimental PIN-pad support (by TV controller) change |
|
Now, Gnuk has codetables for conversion from CIR code to ASCII code. |
|
Note that only four controllers (of Dell, Sharp, Sony, and Toshiba) |
|
are supported and tested. |
|
|
|
** It is possible for users to keep using OPENPGP_CARD_INITIAL_PW1 |
|
With a bug fix of verify_user_0, it's now possible. Although it's not |
|
recommended. |
|
|
|
** Important bug fix and a workaround |
|
In version 0.14, __main_stack_size__ (for interrupt handler) was too |
|
small for some cases. This is fixed in 0.15. |
|
|
|
In src/Makefile.in, added -mfix-cortex-m3-ldrd for correctly linking C |
|
library for thumb2. This is needed for newer summon-arm-toolchain. |
|
|
|
|
|
* Major changes in Gnuk 0.14 |
|
|
|
Released 2011-10-07, by NIIBE Yutaka |
|
|
|
** Random number generator change |
|
NeuG, Gniibe's True RNG implementation for STM32F103, has been |
|
integrated to Gnuk. It is not needed to put random number bytes |
|
(generated by host) to Token any more. |
|
|
|
|
|
* Major changes in Gnuk 0.13 |
|
|
|
Released 2011-06-15, by NIIBE Yutaka |
|
|
|
** Improved RSA routine. |
|
About 20% speed improvement. |
|
|
|
** New tool: hub_ctrl. |
|
It is a Python implementation ported from original C implementation. |
|
It is useful for development of USB target if you have a good hub. |
|
You can power off/on the port to reset Gnuk Token. |
|
|
|
|
|
* Major changes in Gnuk 0.12 |
|
|
|
Released 2011-05-13, by NIIBE Yutaka |
|
|
|
** Admin-less mode is supported. |
|
The OpenPGP card specification assumes existence of a security officer |
|
(admin), who has privilege to manage the card. On the other hand, |
|
many use cases of Gnuk are admin == user. |
|
|
|
Thus, Gnuk now supports "admin-less" mode. In this mode, user can get |
|
privilege with the password of PW1. |
|
|
|
At the initialization of the card, Gnuk becomes compatible mode by |
|
setting PW3. Without setting PW3, it becomes "admin-less" mode |
|
by setting PW1. |
|
|
|
** Important two bug fixes. |
|
Gnuk (<= 0.11) has a bug which makes possible for attacker to change |
|
user password to unknown state without knowing original password (when |
|
no keys are loaded yet). No, attacker could not steal your identity |
|
(cannot sign or decrypt), but it would be possible to disturb you. |
|
|
|
Gnuk (<= 0.11) has a bug which makes possible for attacker to guess |
|
admin password easily. When admin password is not set (the default |
|
value of factory setting), failure of VERIFY doesn't increment error |
|
counter in older versions. Observing no increment of error counter, |
|
attacker could know that admin password is the one of factory setting. |
|
|
|
** tool/gnuk_put_binary.py now uses pyscard. |
|
Instead of PyUSB, it uses Python binding of PC/SC. PyUSB version is |
|
still available as tool/gnuk_put_binary_libusb.py. |
|
|
|
** Logo for Gnuk is updated. |
|
|
|
** Gnuk Sticker SVG is available. |
|
|
|
|
|
* Major changes in Gnuk 0.11 |
|
|
|
Released 2011-04-15, by NIIBE Yutaka |
|
|
|
This is bug fixes only release. |
|
|
|
|
|
* Major changes in Gnuk 0.10 |
|
|
|
Released 2011-02-10, by NIIBE Yutaka |
|
|
|
** The executable can be installed to multiple devices. |
|
So far, users of Gnuk should have not shared single executable among |
|
multiple devices because the executable includes random bits (or |
|
fixed serial number). Now, random_bits and fixed serial number are |
|
configured *after* compilation, we can install single executable image |
|
to multiple devices. Note that we need to configure random_bits for |
|
each device. |
|
|
|
** Removed configure option: --with-fixed-serial |
|
It is not compile time option any more. After installation, we can |
|
modify serial number in AID by tool/gnuk_put_binary.py. Modification |
|
is possible only once. If you don't modify, Gnuk uses unique chip ID |
|
of STM32 processor for AID. |
|
|
|
|
|
* Major changes in Gnuk 0.9 |
|
|
|
Released 2011-02-01, by NIIBE Yutaka |
|
|
|
** Card Holder Certificate is supported (still this is experimental). |
|
Gnuk can support card holder certificate now. Note that GnuPG is not |
|
ready yet. The tool/gnuk_update_binary.py is for writing card holder |
|
certificate to Gnuk Token. |
|
|
|
** Better interoperability to OpenSC. |
|
Gnuk is not yet supported by OpenSC, but it could be. With the |
|
changes in Gnuk, it could be relatively easily possible to support |
|
Gnuk Token by OpenSC with a few changes to libopensc/card-openpgp.c, |
|
and libopensc/pkcs15-openpgp.c. |
|
|
|
** New board support "STBee" |
|
STBee is a board by Strawberry Linux Co., Ltd., and it has |
|
STM32F103VET6 on the board. The chip is High Density CPU with 512KB |
|
flash memory and many I/O. If you want to connect sensor, display, |
|
etc., this board would be a good candidate. |
|
|
|
** Experimental PIN-pad modification(unblock) support is added. |
|
PIN-pad modification(unblock) is supported. |
|
|
|
|
|
* Major changes in Gnuk 0.8 |
|
|
|
Released 2011-01-19, by NIIBE Yutaka |
|
|
|
** Experimental PIN-pad modification support is added. |
|
PIN input using rotally encoder and push switch is tested with STBee |
|
Mini. By this hardware, PIN-pad modification is supported. |
|
|
|
|
|
* Major changes in Gnuk 0.7 |
|
|
|
Released 2011-01-15, by NIIBE Yutaka |
|
|
|
** Bug fix only. |
|
In version 0.6, a severe bug was introduced in usb-icc.c when adding a |
|
work around for libccid 1.3.11. The fix is one-liner, but it is worth |
|
to release newer version. |
|
|
|
|
|
* Major changes in Gnuk 0.6 |
|
|
|
Released 2011-01-14, by NIIBE Yutaka |
|
|
|
** Experimental PIN-pad support is added. |
|
Local PIN-pad input is suppored for boards which have input hardware. |
|
PIN input using consumer IR receive module is tested with STBee Mini |
|
and STM8S Discovery. |
|
|
|
** USB device serial number is virtually unique now. |
|
STM32F103 has 96-bit unique chip identifier. We take advantage of |
|
this, Gnuk Token has virtually unique USB serial number. |
|
|
|
** Card serial number is determined at run time by chip identifier. |
|
Until version 0.5, card serial number was compile time option. If we |
|
used same binary for different devices, card serial number was same. |
|
Now, we use STM32F103's 96-bit unique chip identifier for card serial |
|
number (when you don't use --with-fixed-serial option). |
|
|
|
** More improved USB-CCID/ICCD implementation. |
|
The changes in 0.5 was not that good for libccid 1.3.11, which has |
|
small buffer (only 262-byte APDU). Workaround for libccid 1.3.11 is |
|
implemented. |
|
|
|
|
|
* Major changes in Gnuk 0.5 |
|
|
|
Released 2010-12-13, by NIIBE Yutaka |
|
|
|
** LED blink |
|
LED blink now shows status output of the card. It shows the status of |
|
CHV3, CHV2, and CHV1 when GPG is accessing the card. |
|
|
|
** New board support "STM8S Discovery" |
|
ST-Link part (with STM32F103C8T6) of STM8S Discovery board is now supported. |
|
|
|
** Digital signing for SHA224/SHA256/SHA384/SHA512 digestInfo is now possible. |
|
|
|
** Fixes for password management |
|
Now, you can allow the token to do digital signing multiple times with |
|
single authentication. You can use "forcesig" subcommand in card-edit |
|
of GnuPG to enable the feature. |
|
|
|
** Key management changes |
|
If you remove all keys, it is possible to import keys again. |
|
|
|
** More improved USB-CCID/ICCD implementation. |
|
Gnuk works better with GPG's in-stock protocol stack. You can do |
|
digital signing (not decryption, key import, or get_public_key in |
|
GPG2). For decryption, key import and get_public_key, changes are |
|
needed for GPG (scd/ccid-driver.c) to support the case of extended |
|
APDU. In short, you can sign with Gnuk by GPG. |
|
|
|
** Windows support. |
|
Gnuk Token could run with GPG4WIN on MS Windows. GPG4WIN runs with |
|
"usbccid" driver and "winscard" driver. |
|
|
|
|
|
* Major changes in Gnuk 0.4 |
|
|
|
Released 2010-11-09, by NIIBE Yutaka |
|
|
|
** New board support "STBee Mini". |
|
|
|
** Flash writing tool for "DfuSe" is included now. |
|
|
|
** Since Flash GC is now implemented, it can be used longer. |
|
|
|
|
|
* Major changes in Gnuk 0.3 |
|
|
|
Released 2010-10-23, by NIIBE Yutaka |
|
|
|
** Now we have 'configure' script to select target. |
|
|
|
** Support system with DFU (Device Firmware Upgrade) downloader. |
|
|
|
** New board support "CQ STARM". |
|
|
|
** Improved USB-ICCD implementation. Works fine with GPG's protocol stack. |
|
|
|
|
|
* Major changes in Gnuk 0.2 |
|
|
|
Released 2010-09-13, by NIIBE Yutaka |
|
|
|
** With DEBUG=1, timeout is more than 3 seconds. |
|
|
|
** Flash ROM entries for random numbers are cleared after use. |
|
|
|
** Board support "STM32 Primer 2" now works. |
|
|
|
|
|
* Major changes in Gnuk 0.1 |
|
|
|
Released 2010-09-10, by NIIBE Yutaka |
|
|
|
** Enabled force_chv1 (in the pw_status_bytes), so that the decipher works. |
|
|
|
** Support both of key for digital signing and key for decryption. |
|
|
|
** Decipher is supported. |
|
|
|
** New board support "STM32 Primer 2" is added by Kaz Kojima. |
|
|
|
** LED behavior is meaningful now. "ON" during execution. |
|
|
|
** Fixed bcdCCID revision number. |
|
|
|
** Logo. |
|
|
|
|
|
* Major changes in Gnuk 0.0 |
|
|
|
Released 2010-09-06, by NIIBE Yutaka |
|
|
|
** This is initial release. Only it supports digital signing. |
|
|
|
Local Variables: |
|
mode: outline |
|
End:
|
|
|