Revision history

revision 1
initial version

answered 2012-11-01 11:17:06 +0900

gniibe

http://www.gniibe.org/

OK, here are instructions to install (overwrite) NeuG to FST-01 with Gnuk (with GnuPG key on your host PC). No additional hardware is required, but if you get a failure, you will need an SWD debugger.

This text assumes that you are using something like GNU/Linux and you have privilege to change your system. FYI, I am using Debian.

  1. Prepare for NeuG, reGNUal, and tools, or get binaries

    Prepare for NeuG, reGNUal and tools from source code of Gnuk and NeuG. Or you can get binaries and tools or its tarball.

  2. Install software needed

    You need GnuPG proper installed (version 1.4.x or version 2.0.x), as well as gpg-agent and scdaemon. The tool named monkeysphere is needed (If you are using GnuPG 2.1.x, the development version, you don't need monkeysphere). Python (2.6 or later, but not 3.x) and PyUSB are also needed. PC/SC-lite is optional, and it is better not to install it (it is OK to have it, but you need to stop its service).

  3. Configure your system

    If you have PC/SC-lite in your system, please stop the service first. Please configure udev rules so that Gnuk works for a normal user. Please refer to Debian bug #691392 for gnupg and Debian bug #543217 for gnupg2. Just running chmod manually as root won't work and you will get a failure, since the USB address will change in the process of firmware installation.

  4. Check if Gnuk works well

    Please check if Gnuk works. Using lsusb command:

    $ lsusb -d 234b:0000

    And using gpg,

    $ gpg --card-status

    See Question #11.

  5. Create your GnuPG key and add subkey for authentication on your host PC

    Please create your key. See generating RSA 2048-bit key. Note that RSA 2048-bit key is required.

  6. Add your subkey under control of gpg-agent

    Please invoke monkeysphere with s (subkey-to-ssh-agent) argument:

    $ monkeysphere s

  7. Run gpg-connect-agent and get a keygrip

    You get 'keygrip' by gpg-connect-agent:

    $ gpg-connect-agent "KEYINFO --list" /bye
    S KEYINFO 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 D - - - - -

    In the example above, 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 is the keygrip.

  8. Run tool/get_raw_public_key.py

    You run tool/get_raw_public_key.py to extract raw data of your public key.

    $ ./tool/get_raw_public_key.py 9277C5875C8AFFCB727661C18BE4E0A0DEED9260

    Here, you specify the keygrip of your public key. Then you get the file 9277C587.bin. This is your binary raw data of your public key.

  9. Register your public key for firmware installation authentication

    You register your public key to Gnuk Token, so that you can use the public key for authentication.

    $ ./tool/gnuk_put_binary_libusb.py -k 0 9277C587.bin

  10. Invoke tool/gnuk_upgrade.py with reGNUal and NeuG

    Lastly, you run tool/gnuk_upgrade.py, which performs public key authentication to Gnuk, sends reGNUal, and sends NeuG using reGNUal.

    $ ./tool/gnuk_upgrade.py -k 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 regnual/regnual.bin neug/neug.bin

That's all. Please paste your session here as your answer when you install using reGNUal.

revision 2
add a workaround of gpg-agent's bug

OK, here are instructions to install (overwrite) NeuG to FST-01 with Gnuk (with GnuPG key on your host PC). No additional hardware is required, but if you get a failure, you will need an SWD debugger.

This text assumes that you are using something like GNU/Linux and you have privilege to change your system. FYI, I am using Debian.

  1. Prepare for NeuG, reGNUal, and tools, or get binaries

    Prepare for NeuG, reGNUal and tools from source code of Gnuk and NeuG. Or you can get binaries and tools or its tarball.

  2. Install software needed

    You need GnuPG proper installed (version 1.4.x or version 2.0.x), as well as gpg-agent and scdaemon. The tool named monkeysphere is needed (If you are using GnuPG 2.1.x, the development version, you don't need monkeysphere). Python (2.6 or later, but not 3.x) and PyUSB are also needed. PC/SC-lite is optional, and it is better not to install it (it is OK to have it, but you need to stop its service).

  3. Configure your system

    If you have PC/SC-lite in your system, please stop the service first. Please configure udev rules so that Gnuk works for a normal user. Please refer to Debian bug #691392 for gnupg and Debian bug #543217 for gnupg2. Just running chmod manually as root won't work and you will get a failure, since the USB address will change in the process of firmware installation.

  4. Check if Gnuk works well

    Please check if Gnuk works. Using lsusb command:

    $ lsusb -d 234b:0000

    And using gpg,

    $ gpg --card-status

    See Question #11.

  5. Create your GnuPG key and add subkey for authentication on your host PC

    Please create your key. See generating RSA 2048-bit key. Note that RSA 2048-bit key is required.

  6. Add your subkey under control of gpg-agent

    Please invoke monkeysphere with s (subkey-to-ssh-agent) argument:

    $ monkeysphere s

  7. Run gpg-connect-agent and get a keygrip

    You get 'keygrip' by gpg-connect-agent:

    $ gpg-connect-agent "KEYINFO --list" /bye
    S KEYINFO 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 D - - - - -

    In the example above, 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 is the keygrip.

  8. Binary edit the file ~/.gnupg/private-key-v1.d/<KEYGRIP>.key

    Because of a bug I reported, you need to edit the file of your private key.

    This step will not be required once the bug is fixed.

    Please remove the data of the comment field. The string of the field looks like:

    (7:comment:NN:YOUR-NAME <YOUR-MAIL-ADDRESS>)

    After the edit, please let gpg-agent reload by:

    $ gpg-connect-agent RELOADAGENT /bye

  9. Run tool/get_raw_public_key.py

    You run tool/get_raw_public_key.py to extract raw data of your public key.

    $ ./tool/get_raw_public_key.py 9277C5875C8AFFCB727661C18BE4E0A0DEED9260

    Here, you specify the keygrip of your public key. Then you get the file 9277C587.bin. This is your binary raw data of your public key.

  10. Register your public key for firmware installation authentication

    You register your public key to Gnuk Token, so that you can use the public key for authentication.

    $ ./tool/gnuk_put_binary_libusb.py -k 0 9277C587.bin

  11. Invoke tool/gnuk_upgrade.py with reGNUal and NeuG

    Lastly, you run tool/gnuk_upgrade.py, which performs public key authentication to Gnuk, sends reGNUal, and sends NeuG using reGNUal.

    $ ./tool/gnuk_upgrade.py -k 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 regnual/regnual.bin neug/neug.bin

That's all. Please paste your session here as your answer when you install using reGNUal.

OK, here are instructions to install (overwrite) NeuG to FST-01 with Gnuk (with GnuPG key on your host PC). No additional hardware is required, but if you get a failure, you will need an SWD debugger. Note that Gnuk will be overwritten by NeuG; it is not possible to run Gnuk and NeuG at the same time.

This text assumes that you are using something like GNU/Linux and you have privilege to change your system. FYI, I am using Debian.

  1. Prepare for NeuG, reGNUal, and tools, or get binaries

    Prepare for NeuG, reGNUal and tools from source code of Gnuk and NeuG. Or you can get binaries and tools or its tarball.

  2. Install software needed

    You need GnuPG proper installed (version 1.4.x or version 2.0.x), as well as gpg-agent and scdaemon. The tool named monkeysphere is needed (If you are using GnuPG 2.1.x, the development version, you don't need monkeysphere). Python (2.6 or later, but not 3.x) and PyUSB are also needed. PC/SC-lite is optional, and it is better not to install it (it is OK to have it, but you need to stop its service).

  3. Configure your system

    If you have PC/SC-lite in your system, please stop the service first. Please configure udev rules so that Gnuk works for a normal user. Please refer to Debian bug #691392 for gnupg and Debian bug #543217 for gnupg2. Just running chmod manually as root won't work and you will get a failure, since the USB address will change in the process of firmware installation.

  4. Check if Gnuk works well

    Please check if Gnuk works. Using lsusb command:

    $ lsusb -d 234b:0000

    And using gpg,

    $ gpg --card-status

    See Question #11.

  5. Create your GnuPG key and add subkey for authentication on your host PC

    Please create your key. See generating RSA 2048-bit key. Note that RSA 2048-bit key is required.

  6. Add your subkey under control of gpg-agent

    Please invoke monkeysphere with s (subkey-to-ssh-agent) argument:

    $ monkeysphere s

  7. Run gpg-connect-agent and get a keygrip

    You get 'keygrip' by gpg-connect-agent:

    $ gpg-connect-agent "KEYINFO --list" /bye
    S KEYINFO 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 D - - - - -

    In the example above, 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 is the keygrip.

  8. Binary edit the file ~/.gnupg/private-key-v1.d/<KEYGRIP>.key

    Because of a bug I reported, you need to edit the file of your private key.

    This step will not be required once the bug is fixed.

    Please remove the data of the comment field. The string of the field looks like:

    (7:comment:NN:YOUR-NAME <YOUR-MAIL-ADDRESS>)

    After the edit, please let gpg-agent reload by:

    $ gpg-connect-agent RELOADAGENT /bye

  9. Run tool/get_raw_public_key.py

    You run tool/get_raw_public_key.py to extract raw data of your public key.

    $ ./tool/get_raw_public_key.py 9277C5875C8AFFCB727661C18BE4E0A0DEED9260

    Here, you specify the keygrip of your public key. Then you get the file 9277C587.bin. This is your binary raw data of your public key.

  10. Register your public key for firmware installation authentication

    You register your public key to Gnuk Token, so that you can use the public key for authentication.

    $ ./tool/gnuk_put_binary_libusb.py -k 0 9277C587.bin

  11. Invoke tool/gnuk_upgrade.py with reGNUal and NeuG

    Lastly, you run tool/gnuk_upgrade.py, which performs public key authentication to Gnuk, sends reGNUal, and sends NeuG using reGNUal.

    $ ./tool/gnuk_upgrade.py -k 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 regnual/regnual.bin neug/neug.bin

That's all. Please paste your session here as your answer when you install using reGNUal.

OK, here are instructions to install NeuG to FST-01 with Gnuk (with GnuPG key on your host PC). No additional hardware is required, but if you get a failure, you will need an SWD debugger. Note that Gnuk will be overwritten by NeuG; it is not possible to run Gnuk and NeuG at the same time.

This text assumes that you are using something like GNU/Linux and you have privilege to change your system. FYI, I am using Debian.

  1. Prepare for NeuG, reGNUal, and tools, or get binaries

    Prepare for NeuG, reGNUal and tools from source code of Gnuk and NeuG. Or you can get binaries and tools or its tarball.

  2. Install software needed

    You need GnuPG proper installed (version 1.4.x or version 2.0.x), as well as gpg-agent and scdaemon. The tool named monkeysphere is needed (If you are using GnuPG 2.1.x, the development version, you don't need monkeysphere). Python (2.6 or later, but not 3.x) and PyUSB are also needed. PC/SC-lite is optional, and it is better not to install it (it is OK to have it, but you need to stop its service).

  3. Configure your system

    If you have PC/SC-lite in your system, please stop the service first. Please configure udev rules so that Gnuk works for a normal user. Please refer to Debian bug #691392 for gnupg and Debian bug #543217 for gnupg2. Just running chmod manually as root won't work and you will get a failure, since the USB address will change in the process of firmware installation.

  4. Check if Gnuk works well

    Please check if Gnuk works. Using lsusb command:

    $ lsusb -d 234b:0000

    And using gpg,

    $ gpg --card-status

    See Question #11.

  5. Create your GnuPG key and add subkey for authentication on your host PC

    Please create your key. See generating RSA 2048-bit key. Note that RSA 2048-bit key is required.

  6. Add your subkey under control of gpg-agent

    Please invoke monkeysphere with s (subkey-to-ssh-agent) argument:

    $ monkeysphere s

  7. Run gpg-connect-agent and get a keygrip

    You get 'keygrip' by gpg-connect-agent:

    $ gpg-connect-agent "KEYINFO --list" /bye
    S KEYINFO 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 D - - - - -

    In the example above, 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 is the keygrip.

  8. Binary edit the file ~/.gnupg/private-key-v1.d/<KEYGRIP>.key

    Because of a bug I reported, you need to edit the file of your private key.

    This step will not be required once the bug is fixed.

    Please remove the data of the comment field. The string of the field looks like:

    (7:comment:NN:YOUR-NAME <YOUR-MAIL-ADDRESS>)

    After the edit, please let gpg-agent reload by:

    $ gpg-connect-agent RELOADAGENT /bye

  9. Run tool/get_raw_public_key.py

    You run tool/get_raw_public_key.py to extract raw data of your public key.

    $ ./tool/get_raw_public_key.py 9277C5875C8AFFCB727661C18BE4E0A0DEED9260

    Here, you specify the keygrip of your public key. Then you get the file 9277C587.bin. This is your binary raw data of your public key.

  10. Kill scdaemon

    To proceed to the next step, you need to kill scdaemon to release the Gnuk device from its control.

      $ gpg-connect-agent "SCD KILLSCD" "SCD BYE" /bye
      ERR 100679679 End of file <SCD>
      OK
    

    Please check that there is no scdaemon (by ps aux).

  11. Register your public key for firmware installation authentication

    You register your public key to Gnuk Token, so that you can use the public key for authentication.

    $ ./tool/gnuk_put_binary_libusb.py -k 0 9277C587.bin

  12. Invoke tool/gnuk_upgrade.py with reGNUal and NeuG

    Lastly, you run tool/gnuk_upgrade.py, which performs public key authentication to Gnuk, sends reGNUal, and sends NeuG using reGNUal.

    $ ./tool/gnuk_upgrade.py -k 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 regnual/regnual.bin neug/neug.bin

That's all. Please paste your session here as your answer when you install using reGNUal.

OK, here are instructions to install NeuG to FST-01 with Gnuk (with GnuPG key on your host PC). No additional hardware is required, but if you get a failure, you will need an SWD debugger. Note that Gnuk will be overwritten by NeuG; it is not possible to run Gnuk and NeuG at the same time.

This text assumes that you are using something like GNU/Linux and you have privilege to change your system. FYI, I am using Debian.

  1. Prepare for NeuG, reGNUal, and tools, or get binaries

    Prepare for NeuG, reGNUal and tools from source code of Gnuk and NeuG. Or you can get binaries and tools or its tarball.

  2. Install software needed

    You need GnuPG proper installed (version 1.4.x or version 2.0.x), as well as gpg-agent and scdaemon. The tool named monkeysphere is needed (If you are using GnuPG 2.1.x, the development version, you don't need monkeysphere). Python (2.6 or later, but not 3.x) and PyUSB are also needed. PC/SC-lite is optional, and it is better not to install it (it is OK to have it, but you need to stop its service).

  3. Configure your system

    If you have PC/SC-lite in your system, please stop the service first. Please configure udev rules so that Gnuk works for a normal user. Please refer to Debian bug #691392 for gnupg and Debian bug #543217 for gnupg2. Just running chmod manually as root won't work and you will get a failure, since the USB address will change in the process of firmware installation.

  4. Check if Gnuk works well

    Please check if Gnuk works. Using lsusb command:

    $ lsusb -d 234b:0000

    And using gpg,

    $ gpg --card-status

    See Question #11.

  5. Create your GnuPG key and add subkey for authentication on your host PC

    Please create your key. See generating RSA 2048-bit key. Note that RSA 2048-bit key is required.

  6. Add your subkey under control of gpg-agent

    Please invoke monkeysphere with s (subkey-to-ssh-agent) argument:

    $ monkeysphere s

  7. Run gpg-connect-agent and get a keygrip

    You get 'keygrip' by gpg-connect-agent:

    $ gpg-connect-agent "KEYINFO --list" /bye
     S KEYINFO 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 D - - - - -

    In the example above, 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 is the keygrip.

  8. Binary edit the file ~/.gnupg/private-key-v1.d/<KEYGRIP>.key

    Because of a bug I reported, you need to edit the file of your private key.

    This step will not be required once the bug is fixed.

    Please remove the data of the comment field. The string of the field looks like:

    (7:comment:NN:YOUR-NAME <YOUR-MAIL-ADDRESS>)

    After the edit, please let gpg-agent reload by:

    $ gpg-connect-agent RELOADAGENT /bye

  9. Run tool/get_raw_public_key.py

    You run tool/get_raw_public_key.py to extract raw data of your public key.

    $ ./tool/get_raw_public_key.py 9277C5875C8AFFCB727661C18BE4E0A0DEED9260

    Here, you specify the keygrip of your public key. Then you get the file 9277C587.bin. This is your binary raw data of your public key.

  10. Kill scdaemon

    To proceed to the next step, you need to kill scdaemon to release the Gnuk device from its control.

      $ gpg-connect-agent "SCD KILLSCD" "SCD BYE" /bye
      ERR 100679679 End of file <SCD>
      OK
    

    Please check that there is no scdaemon (by ps aux).

  11. Register your public key for firmware installation authentication

    You register your public key to Gnuk Token, so that you can use the public key for authentication.

    $ ./tool/gnuk_put_binary_libusb.py -k 0 9277C587.bin

  12. Invoke tool/gnuk_upgrade.py with reGNUal and NeuG

    Lastly, you run tool/gnuk_upgrade.py, which performs public key authentication to Gnuk, sends reGNUal, and sends NeuG using reGNUal.

    $ ./tool/gnuk_upgrade.py -k 9277C5875C8AFFCB727661C18BE4E0A0DEED9260 regnual/regnual.bin neug/neug.bin

That's all. Please paste your session here as your answer when you install using reGNUal.
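
Step 8 asks for a binary edit of a file whose comment field has the length-prefixed form (7:comment:NN:...), i.e. a canonical S-expression. The following is an added example, not part of the original answer or of the Gnuk/NeuG tools: Python 3 code that parses that format and drops the comment list, so that bytes inside the key material which merely look like a comment field are left alone. It assumes the (comment ...) list sits directly under the top-level list and that the whole list is removed; the sample key and its names are constructed.

```python
# Added example (Python 3); not part of the Gnuk/NeuG tools.
# Atoms are length-prefixed, so key bytes may contain "(" or ")" themselves.

def parse(buf, pos=0):
    """Parse one node at buf[pos]; return (node, next_pos)."""
    if buf[pos:pos + 1] == b"(":
        pos += 1
        items = []
        while buf[pos:pos + 1] != b")":
            if pos >= len(buf):
                raise ValueError("unterminated list")
            node, pos = parse(buf, pos)
            items.append(node)
        return items, pos + 1
    colon = buf.find(b":", pos)
    if colon < 0 or not buf[pos:colon].isdigit():
        raise ValueError("bad length prefix at offset %d" % pos)
    end = colon + 1 + int(buf[pos:colon])
    if end > len(buf):
        raise ValueError("atom runs past end of data")
    return buf[colon + 1:end], end


def serialize(node):
    """Inverse of parse(): emit length-prefixed atoms and nested lists."""
    if isinstance(node, bytes):
        return str(len(node)).encode("ascii") + b":" + node
    return b"(" + b"".join(serialize(n) for n in node) + b")"


def strip_comment(data):
    """Drop top-level (comment ...) lists; return (new_bytes, removed)."""
    tree, end = parse(data)
    if not isinstance(tree, list) or data[end:].strip():
        raise ValueError("expected exactly one top-level list")
    removed, kept = None, []
    for child in tree:
        if isinstance(child, list) and child[:1] == [b"comment"]:
            removed = child[1] if len(child) > 1 else b""
        else:
            kept.append(child)
    return serialize(kept), removed


# Constructed sample, not a real key; "n" holds bytes that mimic a comment.
DECOY = b"\x00(7:comment1:x)"
COMMENT = b"Alice Example <alice@example.org>"
SAMPLE = serialize([b"private-key",
                    [b"rsa", [b"n", DECOY], [b"e", b"\x01\x00\x01"]],
                    [b"comment", COMMENT]])

if __name__ == "__main__":
    new, removed = strip_comment(SAMPLE)
    print(removed, len(SAMPLE), "->", len(new))
```

Apply strip_comment() to the bytes of a backup copy of the key file and inspect the returned comment before replacing the original, then reload gpg-agent as in step 8.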