Re: How U2F works

2017-02-27 Thread Glenn Rempe
Just chiming in here with some comments below. I am an active U2F user
and have played around with the server APIs and read some of the
specs. Just to be clear, I am not an expert on U2F.

On 2/27/17 3:28 PM, NIIBE Yutaka wrote:
> Hello,
> 
> Let me ask a question about U2F.  Or, more generally, possibility
> to enhance GnuPG for web authentication.
> 

> Anyhow, it would be possible for Gnuk to add U2F support (somehow 
> limited, because of available resource on board).  Also, it would
> be possible for scdaemon (or other application) to emulate U2F
> protocol (just like Scute does emulate PKCS#11).
> 
> Well, I have two concerns for U2F.
> 
> (1) Attestation key
> 
> In the document of U2F:
> 
> https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-overview-v1.1-id-20160915.html#verifying-that-a-u2f-device-is-genuine
>
>  It explains about the attestation key.
> 
> If it were common for services to do this attestation key check,
> U2F emulation or free U2F implementation will be no real use with
> no private key of the vendor.   (It reminds me of the old days when
> Apache couldn't serve https because no certificate authority issued
> certificate for servers with Apache.)  I wonder if attestation key
> check is common or not.

Well, the attestation key would be checked by the server-side process,
right? And that is optional to check (but perhaps not optional to
send). So you probably would need to ask those that are integrating
U2F as a server auth method. Sending this seems to be a requirement
based on the spec link you sent. Couldn't you get a vendor-specific
attestation key in any case for Gnuk and use the same key across all
devices?

Yubico describes something about the attestation metadata they use here:

https://developers.yubico.com/U2F/Attestation_and_Metadata/

> 
> 
> (2) JavaScript
> 
> It seems for me that there are special JavaScript(s) to offer
> access API to U2F.  I don't quite understand how it works to the
> physical device.
> 
> I don't like nonfree JavaScript which may interfere with users' control.
> 
> Is it easy for free script (as in freedom) to integrate a script
> for U2F access?  Any such example scripts or any such services
> which do so?

I believe that at this point almost all use of U2F is through web
browsers that support talking to the U2F hardware APIs directly. Only
Chrome has full support now, and Firefox and Opera are working on it
but are not yet generally available. The web JavaScript APIs are just
for requesting registration of a token or authentication. So you can't
use U2F in a browser that does not have support for it no matter what
JS you load in your page.

Browser support:

https://www.yubico.com/support/knowledge-base/categories/articles/browsers-support-u2f/

Yubico Demo Code and JS API

https://developers.yubico.com/U2F/Libraries/Using_a_library.html

JS Polyfill

https://github.com/mastahyeti/u2f-api

> 
> Here, my concern is that if it is all for proprietary world, I am 
> reluctant to consider seriously about U2F.

FIDO U2F is based on an openly published standard, but only for you to
'read and analyze'. Seems like you have to become a member of the FIDO
Alliance to be protected. It's not an Internet RFC.

"FIDO's specifications are public and available for anyone to read and
analyze. But only FIDO Alliance Members benefit from “the promise” to
not assert patent rights against other members’ implementations (see
the FIDO Alliance Membership Agreement for details). Anyone may join
the FIDO Alliance; we encourage even very small companies with a very
low cost to join at the entry level. Members at all levels not only
benefit from the mutual non-assert protection, but also participate
with FIDO Alliance members, activities and developments; Associates
have more limited participation benefits. All are invited to join the
FIDO Alliance and participate."

https://fidoalliance.org/faqs/

> 
> 
> And finally, if web authentication is important, I would like to
> use the infrastructure of GnuPG to manage my own crypto computation
> and my own private keys.  Currently, we can use GnuPG for SSH
> authentication by its ssh-agent emulation.  I would like to extend
> this.

Wouldn't making this work require the browser vendors to support some
kind of 'pluggable local auth' that gnupg would emulate, and not only
support for hardware tokens like Yubikey? I don't know if they support
this broader concept or not.

https://fidoalliance.org/specifications/overview/

What though is the benefit of using gnupg key as the crypto behind the
client auth? Seems like you are more exposed by having a portable gpg
key as opposed to a hardware embedded key. U2F makes it so easy to add
a backup key, and most implementations let you drop and add keys
pretty easily. Just trying to figure out if backing U2F with gpg, if
that is what you are proposing, is worth it?

> 
> Any thoughts?  Thanks in advance.
> 

Cheers.




Re: help

2017-02-27 Thread Damien Goutte-Gattat

Hi,

On 02/27/2017 04:07 PM, r...@riseup.net wrote:

> I'll use my master key offline. Following these guidelines:
> https://incenp.org/notes/2015/using-an-offline-gnupg-master-key.html
>
> I also implemented the Appelbaum's config (Riseup Best Practices). Will
> it work properly if the Master Key isn't on my machine?


It should.

Note, however, that Riseup's Best Practices [1] and proposed 
configuration file [2] are partially obsolete, *especially* if you are 
using GnuPG 2.1. Many of the proposed options and pieces of advice are not 
needed anymore, as GnuPG already does The Right Thing.




> And the following faults are coming:
>  gpg: keyserver option 'ca-cert-file' is obsolete; please use
> 'hkp-cacert' in dirmngr.conf


If you're using the sks-keyservers.net pool you no longer need to 
provide GnuPG with the CA certificate file, as it is now bundled with 
GnuPG (>= 2.1.11) and automatically used when needed. (And with GnuPG >= 
2.1.16 you will no longer even need to explicitly set the keyserver 
option, as hkps.pool.sks-keyservers.net is already the default.)




> gpg: keyserver option 'no-try-dns-srv' is unknown


This option no longer exists, but I *think* that if you really want to, 
you can disable SRV lookups by explicitly specifying a port number when 
setting the keyserver, as in:


  keyserver hkps.pool.sks-keyservers.net:443


Damien

--
[1] https://riseup.net/en/security/message-security/openpgp/best-practices
[2] 
https://raw.githubusercontent.com/ioerror/duraconf/master/configs/gnupg/gpg.conf




___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


How U2F works

2017-02-27 Thread NIIBE Yutaka
Hello,

Let me ask a question about U2F.  Or, more generally, possibility to
enhance GnuPG for web authentication.

While I maintain scdaemon of GnuPG and develop Gnuk (an OpenPGPcard
implementation), I sometimes am asked about U2F support, these days.
(I think that this is due to Yubikey.)

IIUC, major use case of U2F is web authentication.  It seems for me
that it doesn't fit directly to OpenPGPcard use case.

Anyhow, it would be possible for Gnuk to add U2F support (somehow
limited, because of available resource on board).  Also, it would be
possible for scdaemon (or other application) to emulate U2F protocol
(just like Scute does emulate PKCS#11).

Well, I have two concerns for U2F.

(1) Attestation key

In the document of U2F:

https://fidoalliance.org/specs/fido-u2f-v1.1-id-20160915/fido-u2f-overview-v1.1-id-20160915.html#verifying-that-a-u2f-device-is-genuine

It explains about the attestation key.

If it were common for services to do this attestation key check, U2F
emulation or free U2F implementation will be no real use with no private
key of the vendor.   (It reminds me of the old days when Apache couldn't
serve https because no certificate authority issued certificate for servers
with Apache.)  I wonder if attestation key check is common or not.


(2) JavaScript

It seems for me that there are special JavaScript(s) to offer access API
to U2F.  I don't quite understand how it works to the physical device.

I don't like nonfree JavaScript which may interfere with users' control.

Is it easy for free script (as in freedom) to integrate a script for U2F
access?  Any such example scripts or any such services which do so?

Here, my concern is that if it is all for proprietary world, I am
reluctant to consider seriously about U2F.


And finally, if web authentication is important, I would like to use the
infrastructure of GnuPG to manage my own crypto computation and my own
private keys.  Currently, we can use GnuPG for SSH authentication by
its ssh-agent emulation.  I would like to extend this.

Any thoughts?  Thanks in advance.
-- 



help

2017-02-27 Thread rsvx

Hi,

I'm configuring my gnupg using 2.1.11

I'll use my master key offline. Following these guidelines: 
https://incenp.org/notes/2015/using-an-offline-gnupg-master-key.html


I also implemented the Appelbaum's config (Riseup Best Practices). Will 
it work properly if the Master Key isn't on my machine?


And the following faults are coming:
 gpg: keyserver option 'ca-cert-file' is obsolete; please use 
'hkp-cacert' in dirmngr.conf

gpg: keyserver option 'no-try-dns-srv' is unknown

Please see the screenshot from my terminal.

Many thanks





Problems with GPGME returning "Not Implemented" or "Configuration error"

2017-02-27 Thread Jeffrey Stedfast
Hi all,

I'm working on re-implementing GMime to use libgpgme (1.8.0 on Fedora 25) 
instead of using my own custom logic for fork()ing/exec()ing gpg & parsing the 
status-fd output to do PGP encryption and I've gotten that to work just fine 
for PGP, but I am having trouble using nearly identical logic (only diff is 
armor/textmode state) to sign or encrypt using the CMS backend.

For some reason, gpgme_op_sign() is returning GPG_ERR_NOT_IMPLEMENTED while 
gpgme_op_encrypt() is returning "Configuration error".

From what I can deduce by scouring the web for information, it seems like 
NOT_IMPLEMENTED should never get returned unless I am using options that just 
haven't been implemented yet but that doesn't seem like it should be the case 
since I don't think I'm doing anything out of the ordinary.

When signing, I've set armor=0, textmode=0, mode=DETACH (or NORMAL), and added 
a signer to the context.

For encrypting, I am getting "Configuration error" which I'm also confused 
about because I don't know what configuration options could be causing this.

Once again, armor=0, textmode=0, flags=0, and I've created a NULL-terminated 
list of recipient keys to pass to gpgme_op_encrypt().



Since my unit tests are re-using the same gpgme context to import some smime 
certs, then export some certs, then sign some streams, etc - could that be the 
problem? As I write this email, I realize that's something I haven't yet 
checked...

All I can think of is that perhaps there is some leftover state from 
gpgme_op_import() or gpgme_op_export_ext() that is breaking the gpgme_op_sign() 
when run at a later point?


Thanks for any help or guidance in tracking down these issues,

Jeff




Re: Announcing paperbackup.py to backup keys as QR codes on paper

2017-02-27 Thread Peter Lebbing
On 27/02/17 11:50, Gerd v. Egidy wrote:
> echo -n "line content to check" | md5sum | cut -c -6

Yes, that should work just as well in practice, I think. 24 bits of
checksum is slightly weaker than 32, but I don't think it matters.

> But I think a collision at the first 3 bytes is less likely with MD5 than one 
> with CRC. The MD5 sum changes drastically if just one bit flips.

I doubt CRC-32 would be worse than 32 bits of MD5, since CRC-32 is
designed to catch accidental errors[1]. I don't know how a CRC-32
truncated to 24 bits would behave. A truncated MD5 should be fine for
detecting accidental errors, though.

So I think the three initial bytes of an MD5 would work well to detect
typing errors.

Cheers,

Peter.

[1] Although it's probably better at physical noise in the transfer of
individual bits than typing mistakes in base64 data.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: gpg2 on a Windows 10 Pro 64 bit machine

2017-02-27 Thread Jerry
On Mon, 27 Feb 2017 05:59:09 -0500, Jerry stated:

>On Sun, 26 Feb 2017 20:56:55 -0500, Robert J. Hansen stated:

<>

I was just thinking that it might be nice to have a way to "LOG" the
output of the program so that a user could inspect it later to see what
transpired or if an error occurred. There are several ways to accomplish
this with Windows PowerShell. I am not all that familiar with it
though.

In any case, it is just a thought.

-- 
Jerry



Re: gpg2 on a Windows 10 Pro 64 bit machine

2017-02-27 Thread Jerry
On Sun, 26 Feb 2017 20:56:55 -0500, Robert J. Hansen stated:

>> I am not sure what that is referring to. Also, there are numerous
>> keys listed as revoked or expired. Is there a anything I can run
>> from the command line that will automatically remove all revoked or
>> expired keys?  
>
>Kinda-sorta, but yes!
>
>WARNING: this works on my laptop for both GnuPG 2.0 and 2.1.  It may
>not work on yours.
>
>Save everything between the "=" marks to a file named
>"gpgclean.ps1".
>
>
>=
># gpgclean.ps1 -- cleans expired/revoked keys from GnuPG
># Requires GnuPG 2.0 or later.
>#
># Copyright 2017, Rob Hansen
>#
># Permission to use, copy, modify, and/or distribute this
># software for any purpose with or without fee is hereby
># granted, provided that the above copyright notice and
># this permission notice appear in all copies.
>#
># THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS
># ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
># IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
># EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT,
># INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
># WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
># WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
># TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
># USE OR PERFORMANCE OF THIS SOFTWARE.
>
>
>
># Use the Windows Registry to find GnuPG's location
>
>## Start by looking for GnuPG 2.1.  If we can't find
>## it, fall back to looking for 2.0.
>
>If (Test-Path "HKLM:\Software\WOW6432Node\GnuPG") {
>   $gpgdir = Join-Path `
>   -Path (Get-ItemPropertyValue `
>   -Path "HKLM:\Software\WOW6432Node\GnuPG" `
>   "Install Directory") `
>   -ChildPath "bin"
>   $gpg = Join-Path -Path $gpgdir "gpg.exe"
>}
>ElseIf (Test-Path "HKLM:\Software\WOW6432Node\GNU\GnuPG") {
>   $gpgdir = Get-ItemPropertyValue `
>   -Path "HKLM:\Software\WOW6432Node\Gnu\GnuPG" `
>   "Install Directory"
>   $gpg = Join-Path -Path $gpgdir "gpg2.exe"
>}
>
># Create the two Lists we're going to use to store the
># revoked/expired private keys and the revoked/expired
># public keys
>$private_keys = New-Object `
>   -TypeName System.Collections.Generic.List[string]
>$public_keys = New-Object `
>   -TypeName System.Collections.Generic.List[string]
>
># Many of our "expired" keys will have new, duration-
># extending signatures.  We do a keyring refresh from the
># keyservers to ensure we don't delete anything we don't
># have to.
>&$gpg --keyserver pool.sks-keyservers.net `
>   --refresh
>
># Get the expired/revoked private and public keys
>(&$gpg --keyid-format long `
>   --fixed-list-mode `
>   --with-colons --list-key | `
>   Select-String -Pattern "^pub:(r|e)").ForEach({
>   $match = [regex]::match($_, "([A-F0-9]{16})")
>   $keyid = $match.Groups[1].Value
>   $public_keys.Add($keyid)
>   }
>)
>
>## In GnuPG 2.0, you can't figure out whether a private
>## key is expired except by looking at its corresponding
>## public key.  In GnuPG 2.1, you can, but the old way
>## still works.  This code will therefore work with both.
>If ($public_keys.Count -gt 0) {
>   (&$gpg --keyid-format long `
>   --fixed-list-mode `
>   --with-colons --list-secret-key $public_keys | `
>   Select-String -Pattern "^sec").ForEach({
>   $match = [regex]::match($_, "([A-F0-9]{16})")
>   $keyid = $match.Groups[1].Value
>   $private_keys.Add($keyid)
>   }
>   )
>}
>
># If we have revoked/expired private keys, get rid
># of them first.
>if ($private_keys.Count -gt 0) {
>   &$gpg --yes --delete-secret-keys $private_keys
>}
># Follow up with revoked/expired public keys
>if ($public_keys.Count -gt 0) {
>   &$gpg --yes --delete-keys $public_keys
>}
>=
>
>
>Save that.  Then, in the "Ask me anything" box, type "Windows
>PowerShell".  Launch the program that comes up.  You'll see a prompt
>like:
>
>PS C:\Users\rjh>
>
>Then just type the path to gpgclean.ps1 and hit RETURN.
>
>PS C:\Users\rjh> .\Documents\gpgclean.ps1
>
>It will likely appear to hang for a few minutes.  That's normal.  It's
>refreshing your keyring in order to see if any certs have revised
>expiration dates.  Once it finishes that, the rest goes quickly.
>
>If there's interest, I'll put a good-looking GUI on this.

I just ran the program, and it seems to work fine.

Using Windows 10 Pro 64-bit, users can simply locate the program and
right-click on it. A menu will come up. One of the selections is to run
with Windows PowerShell. Simply click on that and you are off to the
races. The first time you run the program Windows will ask if you want
to change the permissions on the program so it can be run. At least it
did on my machine.

A GUI might be interesting. I would be willing to beta test it for you.

Thanks for your hard work on this.

--

Re: Announcing paperbackup.py to backup keys as QR codes on paper

2017-02-27 Thread Gerd v. Egidy
Hi Peter,

thank you very much for helping with paperbackup.py and sending your Python 
code.

> > Ideally it is a tool or combination of tools already deployed widely, like
> > sed and sort I used in paperrestore. This would make the checksums still
> > usable even when the source to paperbackup.py isn't available anymore.
> 
> It took me some fiddling... but using CRC RevEng[1] I got a checksum in
> Python that is compatible to POSIX cksum.
[...]
> $ printf $(printf '%08x' $(echo -n 123456789 | cksum | cut -d' ' -f1) |
> sed 's/../\\x\0/g')|base64|cut -b-6

Yesterday, with your solution in mind, I had an idea how we could even further 
reduce dependencies and ease the use:

echo -n "line content to check" | md5sum | cut -c -6

MD5 may be broken as a secure hash, but it still makes a very good checksum. 
MD5 is well standardized and available, and hashlib.md5() is included in 
Python. 

Your solution uses base64 to show more bits of the checksum than my hex chars. 
But I think a collision at the first 3 bytes is less likely with MD5 than one 
with CRC. The MD5 sum changes drastically if just one bit flips.

What do you think?

Kind regards,

Gerd


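As an added example (not part of paperbackup.py and not code from either poster), the scheme discussed in this thread in Python: a per-line checksum that matches the `md5sum | cut -c -6` command above byte for byte, a checker that points at the mistyped lines after a manual restore, and a small simulation that counts how many single typing errors (an adjacent swap or a substituted base64 character) slip past a 24-bit truncated MD5 versus a 24-bit truncated CRC-32. The CRC here is zlib's IEEE CRC-32, not the POSIX cksum variant Peter used; the 64-character base64 lines and the error model are constructed for the example.

```python
import hashlib
import random
import zlib

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def md5_24(line):
    """Identical to `echo -n "$line" | md5sum | cut -c -6`: first 24 bits of MD5 as hex."""
    return hashlib.md5(line.encode()).hexdigest()[:6]

def crc32_24(line):
    """First 24 bits of the zlib/IEEE CRC-32 (POSIX cksum uses a different polynomial)."""
    return ("%08x" % zlib.crc32(line.encode()))[:6]

def tag_lines(lines, checksum=md5_24):
    """Append each line's checksum, the way the printout would carry it."""
    return ["%s %s" % (line, checksum(line)) for line in lines]

def find_bad_lines(tagged, checksum=md5_24):
    """Indices of retyped lines whose content no longer matches the printed checksum."""
    bad = []
    for i, entry in enumerate(tagged):
        content, _, printed = entry.rpartition(" ")  # base64 never contains spaces
        if checksum(content) != printed:
            bad.append(i)
    return bad

def _typo(line, rng):
    """One manual-entry mistake: swap two neighbouring characters or substitute one."""
    i = rng.randrange(len(line))
    if rng.random() < 0.5 and i + 1 < len(line) and line[i] != line[i + 1]:
        return line[:i] + line[i + 1] + line[i] + line[i + 2:]
    return line[:i] + rng.choice(B64.replace(line[i], "")) + line[i + 1:]

def undetected_typos(checksum, trials=2000, seed=1):
    """How many single typos in random 64-char base64 lines slip past a truncated checksum."""
    rng = random.Random(seed)
    misses = 0
    for _ in range(trials):
        line = "".join(rng.choice(B64) for _ in range(64))  # constructed paper line
        if checksum(_typo(line, rng)) == checksum(line):
            misses += 1
    return misses

if __name__ == "__main__":
    print("md5_24 misses:", undetected_typos(md5_24),
          "crc32_24 misses:", undetected_typos(crc32_24))
```

With the default seed neither checksum misses anything in 2000 trials, which is what the roughly 2^-24 per-error odds predict for either; as Peter says, the choice between them is about what tool is guaranteed to be on the restoring machine, not about detection strength at this width.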