nyanloutre/blue-app-openpgp-card
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
6 Commits 2 Branches 12 Tags 4.7 MiB
C 87.6%
Python 9.7%
Linker Script 1.6%
Makefile 1.1%
278d85a821
Go to file
Cédric Mesnil 278d85a821 1.0 RC1 
Add-on Spec:
 Add intermediate SHA256 in seeded key derivation
 Beautify spec

Pytool:
  Remove some log

 App:
  Fix GET_CHALLENGE commande to support addon mode
  Add '01F2' '01F1' access control
  Replace ugly temporary cx_sha_t address definition by clean union
  Rewrite dynamic menu management in ui
  Add 'About' menu

 Build:
  Rename application from GNUPG3 to OpenPGP and version to 1.0
  Lock path & curve
  Compile in optimization mode
2017-03-27 15:14:51 +02:00
doc 1.0 RC1 2017-03-27 15:14:51 +02:00
pytools/gpgcard 1.0 RC1 2017-03-27 15:14:51 +02:00
src 1.0 RC1 2017-03-27 15:14:51 +02:00
icon_pgp.gif 1.0 RC1 2017-03-27 15:14:51 +02:00
LICENSE Initial commit 2017-03-21 15:21:34 +01:00
Makefile 1.0 RC1 2017-03-27 15:14:51 +02:00
README.md 1.0 RC1 2017-03-27 15:14:51 +02:00

README.md

GnuPG application: blue-app-gnupg

GnuPG application for Ledger Blue and Nano S

This application implements "The OpenPGP card" specification revision 3.0. This specification is available in doc directory and at https://g10code.com/p-card.html .

The application supports:

  • RSA with key up to 4096 bits
  • ECDSA with secp256k1, secp256r1, brainpool 256r1 and brainpool 256t1 curves
  • EDDSA with Ed25519 curve
  • ECDH with secp256k1, secp256r1, brainpool 256r1, brainpool 256t1 and curve25519 curves

To compile it, use at least the Nano S SDK 1.3.1.3 on firmware 1.3.1

This release is in beta stage with known missing parts (see also Add-on) :

  • Ledger Blue support
  • Seed mode ON/OFF via apdu

Add-on

The GnuPG application implements the following addon:

  • serial modification
  • on screen reset
  • 3 independent key slots
  • seeded key generation

Technical specification is available in doc/gpgcard3.0-addon.rst

Key slot

"The OpenPGP card" specification specifies:

  • 3 asymmetric keys : Signature, Decryption, Authentication
  • 1 symmetric key

The blue application allow you to store 3 different key sets, named slot. Each slot contains the above 4 keys. You can choose the active slot on the main screen. When installed the default slot is "1". You can change it in settings.

seeded key generation

A seeded mode is implemented in order to restore private keys on a new token. In this mode key material is generated from the global token seeded.

Please consider SEED mode as experimental.

More details to come...

On screen reset

The application can be reset as if it was fresh installed. In settings, choose reset and confirm.