solokeys / openpgp
OpenPGP functionality for Solo
Hi, I'm trying to compile this on macOS and I see that there's a device.h file missing (included from ./src/opgpdevice.h). I wonder where that's been sourced from, because many of the packages you reference in the README are Linux only.
PS: I can try to fixup the build for this platform and submit a pull request as well.
Could not get this to work when following the actual readme.md
Turns out the git clone command needed to be
git clone --recurse-submodules https://github.com/solokeys/openpgp.git
to work for me (Ubuntu 18.04)
After I fixed the bearssl include problem with
I get
craig@other:~/src/solokeys-openpgp$ make
g++ -std=c++17 -Os -Wall -g3 -I. -Ipc/ -Isrc/ -Ilibs/mbedtls/ -Ilibs/mbedtls/mbedtls/crypto/include/ -Ilibs/stm32fs/ -Ilibs/bearssl/ -c -o obj/opgpdevice.o ./pc/opgpdevice.cpp
./pc/opgpdevice.cpp:31:10: fatal error: spiffs.h: No such file or directory
#include <spiffs.h>
^~~~~~~~~~
compilation terminated.
make: *** [Makefile:28: obj/opgpdevice.o] Error 1
Workaround is to remove the 'pc' directory so I just build for the SoloKeys Hacker device:
craig@other:~/src/solokeys-openpgp$ git diff
diff --git a/Makefile b/Makefile
index a37b4ea..0a8c2af 100644
--- a/Makefile
+++ b/Makefile
@@ -5,8 +5,7 @@ RM = rm -rf
rwildcard=$(wildcard $1$2) $(foreach d,$(wildcard $1*),$(call rwildcard,$d/,$2))
OBJ_DIR := ./obj
-SRC_DIRS := ./pc \
- ./src \
+SRC_DIRS := ./src \
./src/applications \
./src/applications/openpgp \
./libs/stm32fs
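Review bot: dropping ./pc from SRC_DIRS removes the host (PC) build entirely instead of fixing the missing spiffs.h include, and the next error in this same report (device.h not found in src/cryptolib.cpp) shows that src/ still depends on headers the firmware tree provides, so this hunk is a workaround rather than a fix and should not be merged as one. Keep ./pc in SRC_DIRS and add the spiffs include directory to the compiler flags instead, as the later build log with -Ilibs/spiffs/ does.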
but that leaves me with the next error:
c/cryptolib.cpp
./src/cryptolib.cpp:15:10: fatal error: device.h: No such file or directory
#include "device.h"
^~~~~~~~~~
compilation terminated.
make: *** [Makefile:27: obj/cryptolib.o] Error 1
I will continue working through these errors and see if I can fix things up and submit a PR.
As stated, it would be awesome if you could test the GPG implementation with the Secure Shell App/Extension. See the directions/dependencies here, and you can probably ping the Chromium team to get your awesome Solo/Somu added to this page once it is working.
I have this working with a Yubikey with GPG so I could probably help run through some test scenarios as well.
I tried running the openpgp app on Linux but I got an issue with importing BearSSL; it couldn't be found.
I saw in the post that it should also work on Windows, is there an install guide for windows?
Admin and unblock PINs both return 'bad pin' when trying to set them.
Resetting the user PIN from 123456 to something else returns 'card error'.
gpg (GnuPG) 2.2.19
libgcrypt 1.8.5
I am curious if the Solo OpenPGP firmware will support Ed25519 curves? This is my biggest issue with Yubikeys, I've contacted them and they do not have a roadmap for adding it.
I'd much prefer to use my Solo full time, and once it has GPG support I will be able to, and ideally it would support Ed25519.
It would be beneficial if the solokeys were capable of generating non-extractable gpg and ssh keys.
commands
gpg2 --card-edit
admin
generate
result
gpg: key generation failed: General error
Key generation failed: General error
It looks like some of the constants in the DOs are wrong...
For constructed DO GET DATA requests, it looks like the replies should be 1 single constructed DO/TLV.
Some examples:
Currently looks like:
>> GET DATA [CA] var. Application Related Data. [006e]
<<
5-16. Full AID. [004f]: d2760001240102010005000031880000 (216 bytes total)
>> GET DATA [CA] var. Cardholder related data. [0065]
<<
0-39. Name. [005b]: (9 bytes total)
Should be like this:
>> GET DATA [CA] var. Application Related Data. [006e]
<<
var. Application Related Data. [006e]:
5-16. Full AID. [004f]: d2760001240102010006086910620000
0-15. Historical bytes. [5f52]: 0073000080059000
3. Optional general feature management. [7f74]:
RSA modulus. [0081]: 20
var. Discretionary data objects. [0073]:
10. Extended capabilities. [00c0]: 3c00000004c000ff00ff
var. Algorithm attributes signature. [00c1]: 010800001100
var. Algorithm attributes decryption. [00c2]: 011000001100
var. Algorithm attributes authentication. [00c3]: 011000001100
7. PW status Bytes (PW1, PW1 max length, RC max length, PW3 max length, ...) [00c4]: 017f7f7f030003
60. fingerprints, 20 bytes each for sig,dec,auth. [00c5]: 682626763c5676d3f13b9d5adf6990fc44fc439243eee30ef73bfd53e25cb0d1dae105de65de9c0407c3573447987972785915e1bd5c5f1fc3c313bb
60. CA fingerprints, 20 bytes each. [00c6]: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
12. List of 3, 4-byte dates for pubkey pairs. [00cd]: 5dfcf74e5dfc0bbc5dfc0c54 (224 bytes total)
>> GET DATA [CA] var. Cardholder related data. [0065]
<<
var. Cardholder related data. [0065]:
0-39. Name. [005b]:
2-8. Language preferences. [5f2d]:
1. Sex. [5f35]: 39 (11 bytes total)
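To make the difference concrete, here is an added example (not code from the solokeys/openpgp project) that encodes the 0065 and 006E replies from the trace above as BER-TLV and parses them back: the "currently" reply is the bare concatenation of the child DOs (9 bytes), while the corrected reply wraps them in the constructed tag (11 and 224 bytes, matching the logged totals).

```python
# Added example (not solokeys/openpgp code): BER-TLV encoding of OpenPGP card
# constructed data objects, built from the values in the trace above.

def encode_tlv(tag, value):
    """One BER-TLV: one- or two-byte tag (0x5F2D, 0x7F74); lengths over 127 use
    the long form 0x81 nn, which the 224-byte 006E reply needs (none here exceed 255)."""
    tag_bytes = tag.to_bytes(2 if tag > 0xFF else 1, "big")
    n = len(value)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n])
    return tag_bytes + length + value

def parse_tlvs(data):
    """Top-level (tag, value) pairs; constructed DOs (0x65, 0x6E, 0x73) come back
    whole, so call again on their value to descend one level."""
    out, i = [], 0
    while i < len(data):
        tag = data[i]; i += 1
        if tag & 0x1F == 0x1F:          # two-byte tag (second byte < 0x80 here)
            tag = (tag << 8) | data[i]; i += 1
        n = data[i]; i += 1
        if n & 0x80:                    # long-form length
            k = n & 0x7F
            n = int.from_bytes(data[i:i + k], "big"); i += k
        out.append((tag, data[i:i + n])); i += n
    return out

h = bytes.fromhex
# Cardholder related data children from the trace: empty name, empty language, sex '9'.
CARDHOLDER_CHILDREN = encode_tlv(0x5B, b"") + encode_tlv(0x5F2D, b"") + encode_tlv(0x5F35, b"\x39")

def cardholder_current():
    """What the card returns now: children concatenated, no 0065 wrapper (9 bytes)."""
    return CARDHOLDER_CHILDREN

def cardholder_expected():
    """What GET DATA 0065 should return: one constructed DO around the children (11 bytes)."""
    return encode_tlv(0x65, CARDHOLDER_CHILDREN)

def application_related_expected():
    """GET DATA 006E from the corrected trace; 0073 and 006E exceed 127 bytes so their
    lengths take the long form, and the whole reply is 224 bytes as logged."""
    discretionary = (encode_tlv(0xC0, h("3c00000004c000ff00ff"))
        + encode_tlv(0xC1, h("010800001100")) + encode_tlv(0xC2, h("011000001100"))
        + encode_tlv(0xC3, h("011000001100")) + encode_tlv(0xC4, h("017f7f7f030003"))
        + encode_tlv(0xC5, h("682626763c5676d3f13b9d5adf6990fc44fc439243eee30ef73bfd53e25cb0d1dae105de65de9c0407c3573447987972785915e1bd5c5f1fc3c313bb"))
        + encode_tlv(0xC6, bytes(60)) + encode_tlv(0xCD, h("5dfcf74e5dfc0bbc5dfc0c54")))
    return encode_tlv(0x6E, encode_tlv(0x4F, h("d2760001240102010006086910620000"))
        + encode_tlv(0x5F52, h("0073000080059000")) + encode_tlv(0x7F74, encode_tlv(0x81, b"\x20"))
        + encode_tlv(0x73, discretionary))
```

A host-side parser looking for tag 0x65 or 0x6E at the top level finds nothing in the current reply and only a bare 0x5B, which is why the trace shows just the first child.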
Hi there,
Trying to build on arch, getting:
▶ make
g++ -std=c++17 -Os -Wall -g3 -I. -Ipc/ -Isrc/ -Ilibs/mbedtls/ -Ilibs/mbedtls/mbedtls/crypto/include/ -Ilibs/stm32fs/ -Ilibs/bearssl/ -Ilibs/spiffs/ -Ilibs/spiffs/default -Ilibs/spiffs/test -c -o obj/opgpdevice.o ./pc/opgpdevice.cpp
g++ -std=c++17 -Os -Wall -g3 -I. -Ipc/ -Isrc/ -Ilibs/mbedtls/ -Ilibs/mbedtls/mbedtls/crypto/include/ -Ilibs/stm32fs/ -Ilibs/bearssl/ -Ilibs/spiffs/ -Ilibs/spiffs/default -Ilibs/spiffs/test -c -o obj/cryptolib.o ./src/cryptolib.cpp
g++ -std=c++17 -Os -Wall -g3 -I. -Ipc/ -Isrc/ -Ilibs/mbedtls/ -Ilibs/mbedtls/mbedtls/crypto/include/ -Ilibs/stm32fs/ -Ilibs/bearssl/ -Ilibs/spiffs/ -Ilibs/spiffs/default -Ilibs/spiffs/test -c -o obj/opgputil.o ./src/opgputil.cpp
./src/opgputil.cpp:9:10: fatal error: led.h: No such file or directory
9 | #include "led.h"
| ^~~~~~~
./pc/opgpdevice.cpp:31:10: fatal error: spiffs.h: No such file or directory
31 | #include <spiffs.h>
| ^~~~~~~~~~
compilation terminated.
compilation terminated.
make: *** [Makefile:31: obj/opgpdevice.o] Error 1
make: *** Waiting for unfinished jobs....
make: *** [Makefile:31: obj/opgputil.o] Error 1
./src/cryptolib.cpp:15:10: fatal error: device.h: No such file or directory
15 | #include "device.h"
| ^~~~~~~~~~
compilation terminated.
make: *** [Makefile:31: obj/cryptolib.o] Error 1
Then with #24, I fixed spiffs. I used submodule strategy, let me know if you prefer another method.
▶ make
g++ -std=c++17 -Os -Wall -g3 -I. -Ipc/ -Isrc/ -Ilibs/mbedtls/ -Ilibs/mbedtls/mbedtls/crypto/include/ -Ilibs/stm32fs/ -Ilibs/bearssl/ -Ilibs/spiffs/src -Ilibs/spiffs/src/default -Ilibs/spiffs/src/test -c -o obj/opgpdevice.o ./pc/opgpdevice.cpp
g++ -std=c++17 -Os -Wall -g3 -I. -Ipc/ -Isrc/ -Ilibs/mbedtls/ -Ilibs/mbedtls/mbedtls/crypto/include/ -Ilibs/stm32fs/ -Ilibs/bearssl/ -Ilibs/spiffs/src -Ilibs/spiffs/src/default -Ilibs/spiffs/src/test -c -o obj/cryptolib.o ./src/cryptolib.cpp
g++ -std=c++17 -Os -Wall -g3 -I. -Ipc/ -Isrc/ -Ilibs/mbedtls/ -Ilibs/mbedtls/mbedtls/crypto/include/ -Ilibs/stm32fs/ -Ilibs/bearssl/ -Ilibs/spiffs/src -Ilibs/spiffs/src/default -Ilibs/spiffs/src/test -c -o obj/opgputil.o ./src/opgputil.cpp
./src/opgputil.cpp:9:10: fatal error: led.h: No such file or directory
9 | #include "led.h"
| ^~~~~~~
compilation terminated.
make: *** [Makefile:31: obj/opgputil.o] Error 1
make: *** Waiting for unfinished jobs....
./src/cryptolib.cpp:15:10: fatal error: device.h: No such file or directory
15 | #include "device.h"
| ^~~~~~~~~~
compilation terminated.
make: *** [Makefile:31: obj/cryptolib.o] Error 1
./pc/opgpdevice.cpp: In function ‘void hw_spiffs_mount()’:
./pc/opgpdevice.cpp:71:26: error: invalid conversion from ‘s32_t (*)(u32_t, u32_t, u8_t*)’ {aka ‘int (*)(unsigned int, unsigned int, unsigned char*)’} to ‘spiffs_read’ {aka ‘int (*)(spiffs_t*, unsigned int, unsigned int, unsigned char*)’} [-fpermissive]
71 | cfg.hal_read_f = hw_spiffs_read;
| ^~~~~~~~~~~~~~
| |
| s32_t (*)(u32_t, u32_t, u8_t*) {aka int (*)(unsigned int, unsigned int, unsigned char*)}
./pc/opgpdevice.cpp:72:27: error: invalid conversion from ‘s32_t (*)(u32_t, u32_t, u8_t*)’ {aka ‘int (*)(unsigned int, unsigned int, unsigned char*)’} to ‘spiffs_write’ {aka ‘int (*)(spiffs_t*, unsigned int, unsigned int, unsigned char*)’} [-fpermissive]
72 | cfg.hal_write_f = hw_spiffs_write;
| ^~~~~~~~~~~~~~~
| |
| s32_t (*)(u32_t, u32_t, u8_t*) {aka int (*)(unsigned int, unsigned int, unsigned char*)}
./pc/opgpdevice.cpp:73:27: error: invalid conversion from ‘s32_t (*)(u32_t, u32_t)’ {aka ‘int (*)(unsigned int, unsigned int)’} to ‘spiffs_erase’ {aka ‘int (*)(spiffs_t*, unsigned int, unsigned int)’} [-fpermissive]
73 | cfg.hal_erase_f = hw_spiffs_erase;
| ^~~~~~~~~~~~~~~
| |
| s32_t (*)(u32_t, u32_t) {aka int (*)(unsigned int, unsigned int)}
./pc/opgpdevice.cpp: In function ‘int ireadfile(char*, uint8_t*, size_t, size_t*)’:
./pc/opgpdevice.cpp:271:15: error: ordered comparison of pointer with integer zero (‘FILE*’ and ‘int’)
271 | if (f <= 0)
| ~~^~~~
./pc/opgpdevice.cpp: In function ‘int iwritefile(char*, uint8_t*, size_t)’:
./pc/opgpdevice.cpp:314:15: error: ordered comparison of pointer with integer zero (‘FILE*’ and ‘int’)
314 | if (f <= 0)
| ~~^~~~
make: *** [Makefile:31: obj/opgpdevice.o] Error 1
Whilst trying to follow the steps from the readme the make command failed. At least there is a typo in the applet/applets name in the Makefile, but there also seem to be a few files missing.
In the end I was unable to make the main app because of the mbedtls lib. I guess I'm a bit too soon to the party for my level of experience.
Following the README compile instructions it gave me the following
$ make
g++ -std=c++17 -O2 -Wall -g3 -I. -Ipc/ -Isrc/ -c -o obj/apduexecutor.o ./src/apduexecutor.cpp
In file included from src/applets/openpgp/openpgpstruct.h:17,
from src/applets/openpgp/security.h:18,
from src/applets/openpgp/openpgpfactory.h:13,
from src/applets/openpgpapplet.h:14,
from src/applets/appletstorage.h:19,
from src/apduexecutor.h:15,
from ./src/apduexecutor.cpp:10:
src/cryptolib.h:19:10: fatal error: mbedtls/config.h: No such file or directory
#include <mbedtls/config.h>
^~~~~~~~~~~~~~~~~~
compilation terminated.
make: *** [Makefile:23: obj/apduexecutor.o] Error 1
It's missing libmbedtls-dev when running Ubuntu 19.04.
sudo apt install libmbedtls-dev
fixes it.
Apologies for re-raising a type of question that has already been brought up multiple times.
I have spent some time trying to build this project, however, even reading the other related issues, and looking at @merlokk 's MR solokeys/solo1#447 my attempts to build have so far been unsuccessful.
I'd appreciate any help towards understanding how to build this project - or information that it's not currently feasible. Thanks in advance!
If you guys are looking to implement CCID interface I thought I would share something I came across that might help. As you probably know GNUK is GPLv3 which is probably not going to work for a device that only allows signed updates (tivoization). However, here is an LGPL implementation I found - https://patchwork.ozlabs.org/patch/61775/
I have been meaning to try and get something like this working with OnlyKey but have not had the time to do it yet.
There is Secure Messaging in the specification. Is it needed?
Gnupg is having some issue with the current openpgp implementation. I suspect it's something small in the "Application Related Data" (006e).
Steps to reproduce.
gpg2 --expert --full-generate-key
Select (1) RSA and RSA. 2048 bit RSA key.
gpg2 --expert --edit-key <key-id>
Then:
key 1
keytocard
It should prompt for the admin PIN, and then fail with "gpg: KEYTOCARD failed: General error".
I was able to get traces of the APDUs with Wireshark using this script, and also by just running pcscd in the foreground: sudo pcscd -f -T -a
Are you considering merging the work done here with the Solokey v2?
Seems this is python and that is all Rust 😔