This page provides hints on Gnuk.
Gnuk is an implementation of USB cryptographic token for GNU Privacy Guard. Gnuk supports OpenPGP card protocol version 3, and it runs on STM32F103 processor.
Gnuk is a Pure Free Software on Free Hardware. It's development is lead by gNiibe (a DD).
It has supports of EdDSA, ECDSA (with NIST P256 and secp256k1), and ECDH (with X25519, NIST P256 and secp256k1), but this ECC feature is somehow experimental, and it requires modern GnuPG 2.2 with libgcrypt 1.7.0 or later.
It also supports RSA-4096, but users should know that it takes more than 8 seconds to sign/decrypt. Key generation of RSA-4096 just fails, because the device doesn't have enough memory.
Run gpg on the host machine instead to generate RSA-4096.
Salsa: https://salsa.debian.org/gnuk-team -- all related repos. (active)
Gnuk repo: https://salsa.debian.org/gnuk-team/gnuk/gnuk
Chopstix repo: https://salsa.debian.org/gnuk-team/chopstx/chopstx
Software announce: http://www.fsij.org/category/gnuk.html (old)
Hardware requirement for Gnuk is the micro controller STM32F103. In version 1.1.x, Gnuk supports following boards.
- FST-01 (Flying Stone Tiny ZERO-ONE)
Reference hardware: http://wiki.seeed.cc/FST-01/
Although the web page say "it is out of stock", if you ask, they may have it (according to gniibe)
- Olimex STM32-H103
- STM32 part of STM8S Discovery Kit
- STlink V2 compatibles
- Nitrokey Start
http://git.gniibe.org/gitweb/?p=gnuk/gnuk.git;a=blob_plain;f=README;hb=HEAD (English, current)
https://debconf17.debconf.org/users/gniibe/ (Debconf17 talk, 2017)
https://www.gniibe.org/pdf/openpgp-2016/gnuk-1_2.html (openpgp, 2016)
http://www.fsij.org/doc-gnuk/ (English, 2012)
https://www.gniibe.org/ (gNiibe's web pages in English)
https://www.gniibe.org/category/memo.html (GnuPG+Gnuk hints, -2017)
http://no-passwd.net/fst-01-gnuk-handbook/index.html (By gNiibe, Japanese)
Gnuk usage reminders
- Backup your secret keys before transferring them to Gnuk.
- Use new Gnupg 2.2
$ sudo apt install gnupg scdaemon
Please note that the factory settings of the PINs are
- PIN = '123456'
- Admin PIN = '12345678'
GnuPG practice basics