Re: GnuPG 2.2.20 under Termux (Android) ...

2020-05-07 Thread Szczepan Zalega | Nitrokey via Gnupg-users
On 4/27/20 6:50 PM, Stefan Claas wrote:
> I see in your address 'Nitrokey' and I was wondering (I have USB on my Samsung
> A40) whether a Nitrokey USB device would work properly with my Termux set-up,
> i.e. Nitrokey drivers which must be detected via Termux, so that it would work?
> 
> Are you aware if this has ever been tested?

Hi!

Sorry for the delay. Nitrokey devices were tested with OpenKeychain [1]
(available on F-Droid and Google Play), but not with Termux. I will
keep in mind to check this.
Regarding smart card related features, no additional drivers are needed;
only the usual GnuPG requirements apply: device access and the scdaemon
service running for the actual device communication.


[1] https://www.openkeychain.org/

-- 
Best regards,
Szczepan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: GnuPG 2.2.20 under Termux (Android) ...

2020-04-27 Thread Szczepan Zalega | Nitrokey via Gnupg-users
On 4/27/20 3:15 PM, Stefan Claas wrote:
> maybe interesting for some of you.
> 
> I just noticed, after installing Golang under Termux,
> that Termux also has GnuPG already installed.
> 
> https://ibb.co/hyG8q4Y
> 
> Would people recommend using pure GnuPG on a smartphone,
> compared to a (compromised?) PC?
> 
> I ask, because I have not read yet what attacks (remotely)
> are possible with smartphones, to obtain the secret keys.
> 
> Any pointers to articles would be very welcome!
> 

Hi!

I would not keep the secrets on the mobile, but rather offload the
computation to a simple device and communicate via USB/NFC. The reason is
that this is a complicated communication device, which has a big attack
surface.
Here is a fresh remote code exploitation done over Bluetooth for Android
8/9 [1]. A fix was released in February 2020 as far as I see.
In the past there were some issues with the WiFi as well AFAIR.


[1]
https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/

-- 
Best regards,
Szczepan



Re: Complete Ubuntu compile of GnuPG

2017-12-12 Thread Szczepan Zalega | Nitrokey
On 11/25/2017 01:40 PM, murphy wrote:
> Yes, the permissions and gpg-agent.conf creation is a problem I would
> like to find an easy way around.  As it turns out a fresh install of
> ubuntu 16.04.3 already has /usr/bin/pinentry-gnome3 installed.  That,
> plus the fact that libgnutls28-dev also installs a bunch of stuff on my
> bash file means I can reduce it to:
> 

Hi!

I have scripted an Ubuntu 17.10 docker container recently for building
any GnuPG version and it is available at [1]. More details at [2].

Once built, it runs `gpg --card-edit` by default, but with [3] one can
run any command.

To build the desired GnuPG version, use (details at [4]):
```
bash docker-build.sh --build-arg GPG_VERSION=2.2.3
```

[1] https://github.com/Nitrokey/gpg-docker
[2] https://github.com/Nitrokey/gpg-docker/wiki
[3] docker-run-command.sh
[4] https://docs.docker.com/engine/reference/builder/#using-arg-variables

-- 
Best regards,
Szczepan



Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4

2017-10-17 Thread Szczepan Zalega | Nitrokey
On 10/15/2017 11:55 PM, ved...@nym.hush.com wrote:
> OK,
> did this, and downloaded all of the dependent libraries to ./configure  
> gnupg-2.2.1
> (...)
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include
> -I/usr/local/include -g -O2 -fvisibility=hidden -Wall -Wno-pointer-sign
> -Wpointer-arith -MT visibility.lo -MD -MP -MF .deps/visibility.Tpo -c
> visibility.c  -fPIC -DPIC -o .libs/visibility.o
> In file included from ntbtls-int.h:251:0,
>  from visibility.h:24,
>  from visibility.c:24:
> context.h:24:18: fatal error: zlib.h: No such file or directory

Hi!

Apparently you do not have zlib's headers. apt-file says you can find
them on Ubuntu in package: zlib1g-dev (/usr/include/zlib.h).


-- 
Best regards,
Szczepan



Re: error while trying to run make

2017-06-08 Thread Szczepan Zalega | Nitrokey
On 06/07/2017 02:45 PM, Marianne Hommer wrote:
> I am trying to run make on GPG 2.1.21 and get the following errors.
> I do not see any errors from installing the pre req programs.
> 

Hello,

A similar issue regarding `IN_EXCL_UNLINK` was solved earlier.
See thread from 05/09/2017 07:12 PM,
topic: `undeclared function identified during make - gnupg-2.1.20`.

-- 
Best regards,
Szczepan



Re: Generating RSA-4096 on Nitrokey Pro

2017-03-28 Thread Szczepan Zalega | Nitrokey
On 03/27/2017 04:40 AM, NIIBE Yutaka wrote:
> NIIBE Yutaka  wrote:
>> I think that the CCID driver has a bug for TPDU handling for time
>> extension from the card.
> 
> I confirmed that the problem can be reproduced with a Gemalto card
> reader (TPDU exchange).
> (...)
> 
> I put a kludge to handle this special case in the internal CCID driver.
> 
> Fixed in 0848cfcce738150b53bfb65b78efc1e6dc9f3d26.
> 

Hi!

Thank you for the patch! I will check it at the next occasion and leave
feedback.


-- 
Best regards,
Szczepan



Re: Generating RSA-4096 on Nitrokey Pro

2017-03-24 Thread Szczepan Zalega | Nitrokey
On 03/20/2017 10:39 AM, Szczepan Zalega | Nitrokey wrote:
> I would like to generate RSA-4096 key on Nitrokey Pro v0.7 device.
> During the generation error is shown:
> ```
> gpg: key generation failed: Card error
> Key generation failed: Card error
> gpg: error setting forced signature PIN flag: Input/output error
> ```
> In scdaemon.log I see that libusb reports time-outs:
> ```
> 2017-03-17 20:26:51 scdaemon[16299] DBG: ccid-driver: usb_bulk_read
> error: LIBUSB_ERROR_TIMEOUT
> 2017-03-17 20:26:51 scdaemon[16299] ccid_transceive failed: (0x1000a)
> 2017-03-17 20:26:51 scdaemon[16299] apdu_send_simple(0) failed: card I/O
> error
> ```
> 

The same is occurring on the latest GPG 2.1.19. Attached are logs taken under
Arch Linux. Any ideas how to fix it?



-- 
Best regards,
Szczepan


scdaemon-pro-4096-2.1.19-arch-linux.log.txt.gz
Description: application/gzip
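
The error sequence quoted in the message above (a USB bulk-read timeout followed by `ccid_transceive` and `apdu_send_simple` failures) can be picked out of a long scdaemon.log mechanically. This is an added example, not part of the original post or of GnuPG; it assumes the log layout of the quoted lines and that mail-wrapped continuations rejoin with a single space, and the function names are hypothetical.

```python
import re

# Constructed sample: the failing lines quoted in the message plus one healthy
# status poll, all still hard-wrapped the way the mail client left them.
SAMPLE = """\
2017-03-17 20:26:51 scdaemon[16299] DBG: ccid-driver: usb_bulk_read
error: LIBUSB_ERROR_TIMEOUT
2017-03-17 20:26:51 scdaemon[16299] ccid_transceive failed: (0x1000a)
2017-03-17 20:26:51 scdaemon[16299] apdu_send_simple(0) failed: card I/O
error
2017-03-20 11:16:50 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 
status=7 changecnt=1
"""

RECORD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) scdaemon\[(\d+)\] (.*)$")

def unwrap(text):
    """Rejoin hard-wrapped log lines into (timestamp, pid, message) records."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            records.append([m.group(1), int(m.group(2)), m.group(3)])
        elif line.strip() and records:
            records[-1][2] += " " + line.strip()  # continuation of previous record
    return [tuple(r) for r in records]

def find_timeouts(text):
    """One finding per USB bulk-read timeout, with the failures that directly follow."""
    findings, current = [], None
    for ts, pid, msg in unwrap(text):
        if "usb_bulk_read error: LIBUSB_ERROR_TIMEOUT" in msg:
            current = {"time": ts, "pid": pid, "consequences": []}
            findings.append(current)
        elif current is not None and pid == current["pid"] and " failed: " in msg:
            current["consequences"].append(msg)
        else:
            current = None  # any other record ends the failure chain
    return findings
```
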


Re: Generating RSA-4096 on Nitrokey Pro

2017-03-20 Thread Szczepan Zalega | Nitrokey
On 03/20/2017 10:39 AM, Szczepan Zalega | Nitrokey wrote:
> As far as I remember it worked on Ubuntu 16.04 with GPG 2.0.x. I use now
> Ubuntu 16.10 with GPG 2.1.15. Logs attached.

I have just checked it on Ubuntu 16.04.2-server. It has GPG version
2.1.11 (not 2.0.x, my mistake) and scdaemon in the same version. The
keys have been generated successfully, although it took about 15 minutes
to complete.


[1] http://paste.ubuntu.com/24214504/ - run log on GPG 2.1.11 / Ubuntu
16.04-2-server - another attempt

-- 
Best regards,
Szczepan


u16.04.2-server-nkpro0.7-rsa4096-run.log_2.scdaemon.gz
Description: application/gzip
sz@ubuntu:~/.gnupg⟫ gpg2 --card-status

Reader ...: 20A0:4108:319E:0
Application ID ...: D2760001240102010005319E
Version ..: 2.1
Manufacturer .: ZeitControl
Serial number : 319E
Name of cardholder: [not set]
Language prefs ...: de
Sex ..: unspecified
URL of public key : [not set]
Login data ...: [not set]
Signature PIN : not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 4
Signature key : 8001 0607 0C35 871D 8059  4BEF F83E 08C1 88EE F49F
  created : 2017-03-20 09:56:45
Encryption key: B120 6769 0ABD 2532 B05A  691B 485B 53AD 1FB6 C046
  created : 2017-03-20 09:56:45
Authentication key: 0A6C 7707 9326 2A25 2570  EAA6 9249 30CF C3D6 2787
  created : 2017-03-20 09:56:45
General key info..: pub  rsa4096/88EEF49F 2017-03-20 nkpro@4096 (nkpro@4096) 
<nkpro@4096>
sec>  rsa4096/88EEF49F  created: 2017-03-20  expires: 2017-03-21
card-no: 0005 319E
ssb>  rsa4096/C3D62787  created: 2017-03-20  expires: 2017-03-21
card-no: 0005 319E
ssb>  rsa4096/1FB6C046  created: 2017-03-20  expires: 2017-03-21
card-no: 0005 319E
sz@ubuntu:~/.gnupg⟫ tail scdaemon.log
2017-03-20 11:16:50 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:50 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 
status=7 changecnt=1
2017-03-20 11:16:51 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:51 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 
status=7 changecnt=1
2017-03-20 11:16:51 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:51 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 
status=7 changecnt=1
2017-03-20 11:16:52 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:52 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 
status=7 changecnt=1
2017-03-20 11:16:52 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:52 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 
status=7 changecnt=1
sz@ubuntu:~/.gnupg⟫ gpg2 --card-edit

Reader ...: 20A0:4108:319E:0
Application ID ...: D2760001240102010005319E
Version ..: 2.1
Manufacturer .: ZeitControl
Serial number : 319E
Name of cardholder: [not set]
Language prefs ...: de
Sex ..: unspecified
URL of public key : [not set]
Login data ...: [not set]
Signature PIN : not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 4
Signature key : 8001 0607 0C35 871D 8059  4BEF F83E 08C1 88EE F49F
  created : 2017-03-20 09:56:45
Encryption key: B120 6769 0ABD 2532 B05A  691B 485B 53AD 1FB6 C046
  created : 2017-03-20 09:56:45
Authentication key: 0A6C 7707 9326 2A25 2570  EAA6 9249 30CF C3D6 2787
  created : 2017-03-20 09:56:45
General key info..: pub  rsa4096/88EEF49F 2017-03-20 nkpro@4096 (nkpro@4096) 
<nkpro@4096>
sec>  rsa4096/88EEF49F  created: 2017-03-20  expires: 2017-03-21
card-no: 0005 319E
ssb>  rsa4096/C3D62787  created: 2017-03-20  expires: 2017-03-21
card-no: 0005 319E
ssb>  rsa4096/1FB6C046  created: 2017-03-20  expires: 2017-03-21
card-no: 0005 319E

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

gpg: Note: keys are already stored on the card!

Replace existing keys? (y/N) y

Please note that the factory settings of the PINs are
   PIN = '123456' Admin PIN = '12345678'
You should change them using the command --change-pin

What keysize do you want for the Signature key? (4096)
What keysize do you want for the Encryption key? (4096)
What keysize do you want for the Authentication key? (4096)
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 1
Key expires at Tue 21 Mar 2017 11:17:12 AM CET
Is this correct