Cédric Mesnil a1c8e7766c On the road to 1.1.0
Fix PIN management

Add 3.3.1 spec addons
  - VERIFY with get status
  - MSE
  - ECC public key import
  - AES PSO:ENC
  - AES multi block
2017-08-31 17:03:27 +02:00
doc update logo with correct font 2017-08-30 14:38:17 +02:00
glyphs 1.0 RC2 2017-03-28 19:24:02 +02:00
images reorg some image files 2017-08-30 15:18:36 +02:00
pytools/gpgcard 1.0 RC1 2017-03-27 15:14:51 +02:00
sdk RC6 2017-05-04 17:30:53 +02:00
src On the road to 1.1.0 2017-08-31 17:03:27 +02:00
LICENSE Initial commit 2017-03-21 15:21:34 +01:00
Makefile On the road to 1.1.0 2017-08-31 17:03:27 +02:00
README.md Update README.md 2017-07-09 08:36:09 +02:00

GnuPG application: blue-app-gnupg

GnuPG application for Ledger Blue and Nano S

This application implements "The OpenPGP card" specification revision 3.0. The specification is available in the doc directory and at https://g10code.com/p-card.html.

The application supports:

  • RSA with keys up to 4096 bits
  • ECDSA with secp256k1, secp256r1, brainpool 256r1 and brainpool 256t1 curves
  • EDDSA with Ed25519 curve
  • ECDH with secp256k1, secp256r1, brainpool 256r1, brainpool 256t1 and curve25519 curves

This release has known missing parts (see also Add-on):

  • Ledger Blue support
  • Seed mode ON/OFF via apdu

Installation

(See also Configuration)

NanoS

For both source and binary installation, use the most recent tag.

From Binary

Use the Chrome App "Ledger Manager". See https://www.ledgerwallet.com/apps/manager for details.

As the "OpenPGP card" application is not fully compliant with UI and documentation guidelines, it is in the developer section: click on "Show developers items" in the bottom right corner.

From source

Building from source requires the Nano S SDK 1.3.1.4 on firmware 1.3.1. See https://github.com/LedgerHQ/nanos-secure-sdk

The SDK must be slightly modified:

  • replace lib_stusb/STM32_USB_Device_Library/Class/CCID/src/usbd_ccid_if.c and lib_stusb/STM32_USB_Device_Library/Class/CCID/inc/usbd_ccid_if.h with the ones provided in the sdk/ directory
  • edit script.ld and modify the stack size: STACK_SIZE = 832;

Host

Linux

You have to add the NanoS to /etc/libccid_Info.plist

In  <key>ifdVendorID</key>      add the entry  <string>0x2C97</string>
In  <key>ifdProductID</key>     add the entry  <string>0x0001</string>
In  <key>ifdFriendlyName</key>  add the entry  <string>Ledger Token</string>

These 3 entries must be added at the end of each list.

MAC

  1. First it is necessary to disable SIP, which does not allow editing files in /usr/.

  2. You have to add the NanoS to /usr/libexec/SmartCardServices/drivers/ifd-ccid.bundle/Contents/Info.plist

    In  <key>ifdVendorID</key>      add the entry  <string>0x2C97</string>
    In  <key>ifdProductID</key>     add the entry  <string>0x0001</string>
    In  <key>ifdFriendlyName</key>  add the entry  <string>Ledger Token</string>
    

These 3 entries must be added at the end of each list.

  3. Enable SIP
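The plist edit from the Linux and MAC sections above, as an added example (not part of the project's own code). It appends the three README values to the end of each list, refuses to touch a file whose lists are already misaligned, and does nothing if the reader is already registered; the function name `add_reader` and the sample plist are constructed for illustration.

```python
import plistlib

# Values from the README. The three lists in the CCID Info.plist are parallel:
# index i of each list describes the same reader, hence "end of each list".
LEDGER = {
    "ifdVendorID": "0x2C97",
    "ifdProductID": "0x0001",
    "ifdFriendlyName": "Ledger Token",
}

# Constructed sample: a cut-down Info.plist with two made-up readers.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>ifdVendorID</key>
  <array><string>0x0000</string><string>0x1111</string></array>
  <key>ifdProductID</key>
  <array><string>0x000A</string><string>0x000B</string></array>
  <key>ifdFriendlyName</key>
  <array><string>Sample Reader A</string><string>Sample Reader B</string></array>
</dict>
</plist>
"""


def add_reader(plist_bytes, entry=LEDGER):
    """Return (new_plist_bytes, changed); appends entry at the end of each list."""
    doc = plistlib.loads(plist_bytes)
    lists = [doc[key] for key in entry]
    # Refuse to edit a file whose lists are already misaligned: appending
    # would pair the new IDs with the wrong friendly name.
    if len({len(items) for items in lists}) != 1:
        raise ValueError("ifd* lists have different lengths; fix the file first")
    # Idempotence: skip if the same (vendor, product) pair is already present.
    wanted = (entry["ifdVendorID"].lower(), entry["ifdProductID"].lower())
    pairs = zip(doc["ifdVendorID"], doc["ifdProductID"])
    if any((v.lower(), p.lower()) == wanted for v, p in pairs):
        return plist_bytes, False
    for key, value in entry.items():
        doc[key].append(value)
    return plistlib.dumps(doc), True


if __name__ == "__main__":
    new_bytes, changed = add_reader(SAMPLE_PLIST)
    print(new_bytes.decode() if changed else "already present")
```

Because the function works on bytes and returns a new document, the result can be diffed against the installed file before anything is written with elevated privileges.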

Windows

TODO

Configuration

Add the following option in ~/.gnupg/scdaemon.conf:

enable-pinpad-varlen

Add-on

The GnuPG application implements the following add-ons:

  • serial modification
  • on screen reset
  • 3 independent key slots
  • seeded key generation

Technical specification is available in doc/gpgcard3.0-addon.rst

Key slot

"The OpenPGP card" specification specifies:

  • 3 asymmetric keys: Signature, Decryption, Authentication
  • 1 symmetric key

The blue application allows you to store 3 different key sets, named slots. Each slot contains the above 4 keys. You can choose the active slot on the main screen. When installed, the default slot is "1". You can change it in settings.

Seeded key generation

A seeded mode is implemented in order to restore private keys on a new token. In this mode, key material is generated from the global token seed.

Please consider SEED mode as experimental.

More details to come...

On screen reset

The application can be reset as if it were freshly installed. In settings, choose reset and confirm.