Re: GnuPG 2.2.20 under Termux (Android) ...
On 4/27/20 6:50 PM, Stefan Claas wrote:
> I see in your address 'Nitrokey' and I was wondering (I have USB on my Samsung
> A40) that a Nitrokey USB device would work properly with my Termux set-up,
> i.e.
> Nitrokey drivers which must be detected via Termux, so that it would work?
>
> Are you aware of if this was ever been tested?

Hi!

Sorry for the delay. Nitrokey devices were tested with OpenKeychain [1] (available on F-Droid and Google Play), but not with Termux. I will keep in mind to check this.
Regarding smart card related features, no additional drivers are needed; only the usual GnuPG requirements apply: device access and the scdaemon service running for the actual device communication.

[1] https://www.openkeychain.org/

--
Best regards,
Szczepan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GnuPG 2.2.20 under Termux (Android) ...
On 4/27/20 3:15 PM, Stefan Claas wrote:
> maybe interesting for some of you.
>
> I just noticed that, after installing Golang under Termux
> that Termux has also GnuPG already installed.
>
> https://ibb.co/hyG8q4Y
>
> Would people recommend using pure GnuPG on a smartphone,
> compared to a (compromised?) PC?
>
> I ask, because I have not read yet what attacks (remotely)
> are possible with smartphones, to obtain the secret keys.
>
> Any pointers to articles would be very welcome!
>

Hi!

I would not keep the secrets on the mobile, but rather offload the computation to a simple device and communicate via USB/NFC. Reason is that this is a complicated communication device, which has a big attack surface.
Here is a fresh remote code exploitation done over Bluetooth for Android 8/9 [1]. Fix was released in February 2020 as far as I see. In the past there were some issues with the WiFi as well AFAIR.

[1] https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/

--
Best regards,
Szczepan
Re: Complete Ubuntu compile of GnuPG
On 11/25/2017 01:40 PM, murphy wrote:
> Yes, the permissions and gpg-agent.conf creation is a problem I would
> like to find an easy way around. As it turns out a fresh install of
> ubuntu 16.04.3 already has /usr/bin/pinentry-gnome3 installed. That,
> plus the fact that libgnutls28-dev also installs a bunch of stuff on my
> bash file means I can reduce it to:
>

Hi!

I have scripted an Ubuntu 17.10 docker container recently for building any GnuPG version and it is available at [1]. More details at [2]. Once built, it runs `gpg --card-edit` by default, but with [3] one can run any command.
For building desired GnuPG version use (details at [4]):
```
bash docker-build.sh --build-arg GPG_VERSION=2.2.3
```

[1] https://github.com/Nitrokey/gpg-docker
[2] https://github.com/Nitrokey/gpg-docker/wiki
[3] docker-run-command.sh
[4] https://docs.docker.com/engine/reference/builder/#using-arg-variables

--
Best regards,
Szczepan
Re: Generating a new keypair through GnuPG 2.x in Ubuntu 16.0.4
On 10/15/2017 11:55 PM, ved...@nym.hush.com wrote:
> OK,
> did this, and downloaded all of the dependent libraries to ./configure
> gnupg-2.2.1
> (...)
> libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I/usr/local/include
> -I/usr/local/include -g -O2 -fvisibility=hidden -Wall -Wno-pointer-sign
> -Wpointer-arith -MT visibility.lo -MD -MP -MF .deps/visibility.Tpo -c
> visibility.c -fPIC -DPIC -o .libs/visibility.o
> In file included from ntbtls-int.h:251:0,
> from visibility.h:24,
> from visibility.c:24:
> context.h:24:18: fatal error: zlib.h: No such file or directory

Hi!

Apparently you do not have zlib's headers. apt-file says you can find them on Ubuntu in package: zlib1g-dev (/usr/include/zlib.h).

--
Best regards,
Szczepan
Re: error while trying to run make
On 06/07/2017 02:45 PM, Marianne Hommer wrote:
> I am trying to run make on GPG 2.1.21 and get the following errors.
> I do not see any errors from installing the pre req programs.
>

Hello,

Similar issue regarding `IN_EXCL_UNLINK` was solved earlier. See thread from 05/09/2017 07:12 PM, topic: `undeclared function identified during make - gnupg-2.1.20`.

--
Best regards,
Szczepan
Re: Generating RSA-4096 on Nitrokey Pro
On 03/27/2017 04:40 AM, NIIBE Yutaka wrote:
> NIIBE Yutaka wrote:
>> I think that the CCID driver has a bug for TPDU handling for time
>> extension from the card.
>
> I confirmed that the problem can be reproducible with Gemalto card
> reader (TPDU exchange).
> (...)
>
> I put a kludge to handle this special case in the internal CCID driver.
>
> Fixed in 0848cfcce738150b53bfb65b78efc1e6dc9f3d26.
>

Hi!

Thank you for the patch! I will check it on next occasion and leave feedback.

--
Best regards,
Szczepan
Re: Generating RSA-4096 on Nitrokey Pro
On 03/20/2017 10:39 AM, Szczepan Zalega | Nitrokey wrote:
> I would like to generate RSA-4096 key on Nitrokey Pro v0.7 device.
> During the generation error is shown:
> ```
> gpg: key generation failed: Card error
> Key generation failed: Card error
> gpg: error setting forced signature PIN flag: Input/output error
> ```
> In scdaemon.log I see that libusb reports time-outs:
> ```
> 2017-03-17 20:26:51 scdaemon[16299] DBG: ccid-driver: usb_bulk_read
> error: LIBUSB_ERROR_TIMEOUT
> 2017-03-17 20:26:51 scdaemon[16299] ccid_transceive failed: (0x1000a)
> 2017-03-17 20:26:51 scdaemon[16299] apdu_send_simple(0) failed: card I/O
> error
> ```
>

Same is occurring on latest GPG 2.1.19. Attached logs taken under Arch Linux. Any ideas how to fix it?

--
Best regards,
Szczepan

Attachment: scdaemon-pro-4096-2.1.19-arch-linux.log.txt.gz
Description: application/gzip
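One way to triage a scdaemon.log for the time-out sequence quoted in the message above, as an added example that is not part of the original thread or of GnuPG. The label names and the sample text are assumptions: the sample is constructed from the three log lines in the message, with the mail client's line wraps kept so the re-joining step is exercised.

```python
import re
from collections import Counter

# Constructed sample: the scdaemon.log lines quoted in the message above,
# including the line wraps the mail client introduced.
SAMPLE_LOG = """\
2017-03-17 20:26:51 scdaemon[16299] DBG: ccid-driver: usb_bulk_read
error: LIBUSB_ERROR_TIMEOUT
2017-03-17 20:26:51 scdaemon[16299] ccid_transceive failed: (0x1000a)
2017-03-17 20:26:51 scdaemon[16299] apdu_send_simple(0) failed: card I/O
error
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) scdaemon\[(\d+)\] (.*)$")

# Labels are hypothetical; the patterns are the messages shown in the thread,
# listed in the order they appear when a card operation times out.
CHAIN = [
    ("usb_timeout", re.compile(r"usb_bulk_read error: LIBUSB_ERROR_TIMEOUT")),
    ("ccid_failed", re.compile(r"ccid_transceive failed")),
    ("apdu_failed", re.compile(r"apdu_send_simple\(\d+\) failed")),
]

def parse_entries(text):
    """Return (timestamp, pid, message) tuples, re-joining wrapped lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), int(m.group(2)), m.group(3)])
        elif line and entries:
            entries[-1][2] += " " + line  # continuation of the previous entry
    return [tuple(e) for e in entries]

def triage(text):
    """Count the known failure messages and list scdaemon PIDs where a USB
    timeout was followed, in order, by the CCID and APDU failures."""
    counts, stage = Counter(), {}
    for _, pid, msg in parse_entries(text):
        for i, (label, rx) in enumerate(CHAIN):
            if rx.search(msg):
                counts[label] += 1
                if stage.get(pid, 0) == i:
                    stage[pid] = i + 1
    full = sorted(p for p, s in stage.items() if s == len(CHAIN))
    return {"counts": dict(counts), "timeout_chain_pids": full}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A log that contains only `apdu_get_status` polling entries yields empty counts and no PIDs.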
Re: Generating RSA-4096 on Nitrokey Pro
On 03/20/2017 10:39 AM, Szczepan Zalega | Nitrokey wrote:
> As far as I remember it worked on Ubuntu 16.04 with GPG 2.0.x. I use now
> Ubuntu 16.10 with GPG 2.1.15. Logs attached.

I have just checked it on Ubuntu 16.04.2-server. It has a GPG with version 2.1.11 (not 2.0.x, my mistake) and scdaemon in same version. The keys have been generated successfully although it took about 15 minutes to complete.

[1] http://paste.ubuntu.com/24214504/ - run log on GPG 2.1.11 / Ubuntu 16.04-2-server - another attempt

--
Best regards,
Szczepan

Attachment: u16.04.2-server-nkpro0.7-rsa4096-run.log_2.scdaemon.gz
Description: application/gzip

```
sz@ubuntu:~/.gnupg⟫ gpg2 --card-status
Reader ...: 20A0:4108:319E:0
Application ID ...: D2760001240102010005319E
Version ..: 2.1
Manufacturer .: ZeitControl
Serial number : 319E
Name of cardholder: [not set]
Language prefs ...: de
Sex ..: unspecified
URL of public key : [not set]
Login data ...: [not set]
Signature PIN : not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 4
Signature key : 8001 0607 0C35 871D 8059 4BEF F83E 08C1 88EE F49F
      created : 2017-03-20 09:56:45
Encryption key: B120 6769 0ABD 2532 B05A 691B 485B 53AD 1FB6 C046
      created : 2017-03-20 09:56:45
Authentication key: 0A6C 7707 9326 2A25 2570 EAA6 9249 30CF C3D6 2787
      created : 2017-03-20 09:56:45
General key info..: pub rsa4096/88EEF49F 2017-03-20 nkpro@4096 (nkpro@4096) <nkpro@4096>
sec> rsa4096/88EEF49F created: 2017-03-20 expires: 2017-03-21
     card-no: 0005 319E
ssb> rsa4096/C3D62787 created: 2017-03-20 expires: 2017-03-21
     card-no: 0005 319E
ssb> rsa4096/1FB6C046 created: 2017-03-20 expires: 2017-03-21
     card-no: 0005 319E
sz@ubuntu:~/.gnupg⟫ tail scdaemon.log
2017-03-20 11:16:50 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:50 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
2017-03-20 11:16:51 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:51 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
2017-03-20 11:16:51 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:51 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
2017-03-20 11:16:52 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:52 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
2017-03-20 11:16:52 scdaemon[23560] DBG: enter: apdu_get_status: slot=0 hang=0
2017-03-20 11:16:52 scdaemon[23560] DBG: leave: apdu_get_status => sw=0x0 status=7 changecnt=1
sz@ubuntu:~/.gnupg⟫ gpg2 --card-edit
Reader ...: 20A0:4108:319E:0
Application ID ...: D2760001240102010005319E
Version ..: 2.1
Manufacturer .: ZeitControl
Serial number : 319E
Name of cardholder: [not set]
Language prefs ...: de
Sex ..: unspecified
URL of public key : [not set]
Login data ...: [not set]
Signature PIN : not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 4
Signature key : 8001 0607 0C35 871D 8059 4BEF F83E 08C1 88EE F49F
      created : 2017-03-20 09:56:45
Encryption key: B120 6769 0ABD 2532 B05A 691B 485B 53AD 1FB6 C046
      created : 2017-03-20 09:56:45
Authentication key: 0A6C 7707 9326 2A25 2570 EAA6 9249 30CF C3D6 2787
      created : 2017-03-20 09:56:45
General key info..: pub rsa4096/88EEF49F 2017-03-20 nkpro@4096 (nkpro@4096) <nkpro@4096>
sec> rsa4096/88EEF49F created: 2017-03-20 expires: 2017-03-21
     card-no: 0005 319E
ssb> rsa4096/C3D62787 created: 2017-03-20 expires: 2017-03-21
     card-no: 0005 319E
ssb> rsa4096/1FB6C046 created: 2017-03-20 expires: 2017-03-21
     card-no: 0005 319E

gpg/card> admin
Admin commands are allowed

gpg/card> generate
Make off-card backup of encryption key? (Y/n) n

gpg: Note: keys are already stored on the card!

Replace existing keys? (y/N) y

Please note that the factory settings of the PINs are
   PIN = '123456'     Admin PIN = '12345678'
You should change them using the command --change-pin

What keysize do you want for the Signature key? (4096)
What keysize do you want for the Encryption key? (4096)
What keysize do you want for the Authentication key? (4096)
Please specify how long the key should be valid.
         0 = key does not expire
           = key expires in n days
         w = key expires in n weeks
         m = key expires in n months
         y = key expires in n years
Key is valid for? (0) 1
Key expires at Tue 21 Mar 2017 11:17:12 AM CET
Is this correct
```