The FST-01G device that you order from the FSF shop runs NeuG. To be able to use the device as a OpenPGP smartcard, you need to install Gnuk. While Niibe covers this on his tutorial, I found the steps a bit complicated to follow. The following guides you from buying the device to getting a FST-01G running Gnuk ready for use with GnuPG.
Once you have received the device and inserted it into a USB port, your kernel log (sudo dmesg) will show something like the following:
[628772.874658] usb 1-1.5.1: New USB device found, idVendor=234b, idProduct=0004 [628772.874663] usb 1-1.5.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [628772.874666] usb 1-1.5.1: Product: Fraucheky [628772.874669] usb 1-1.5.1: Manufacturer: Free Software Initiative of Japan [628772.874671] usb 1-1.5.1: SerialNumber: FSIJ-0.0 [628772.875204] usb-storage 1-1.5.1:1.0: USB Mass Storage device detected [628772.875452] scsi host6: usb-storage 1-1.5.1:1.0 [628773.886539] scsi 6:0:0:0: Direct-Access FSIJ Fraucheky 1.0 PQ: 0 ANSI: 0 [628773.887522] sd 6:0:0:0: Attached scsi generic sg2 type 0 [628773.888931] sd 6:0:0:0: [sdb] 128 512-byte logical blocks: (65.5 kB/64.0 KiB) [628773.889558] sd 6:0:0:0: [sdb] Write Protect is off [628773.889564] sd 6:0:0:0: [sdb] Mode Sense: 03 00 00 00 [628773.890305] sd 6:0:0:0: [sdb] No Caching mode page found [628773.890314] sd 6:0:0:0: [sdb] Assuming drive cache: write through [628773.902617] sdb: [628773.906066] sd 6:0:0:0: [sdb] Attached SCSI removable disk
The device comes up as a USB mass storage device. Conveniently, it contain documentation describing what it is, and you identify the version of NeuG it runs as follows.
jas@latte:~/src/gnuk$ head /media/jas/Fraucheky/README NeuG - a true random number generator implementation (for STM32F103) Version 1.0.7 2018-01-19 Niibe Yutaka Free Software Initiative of Japan
To convert the device into the serial-mode that is required for the software upgrade, use the eject command for the device (above it came up as /dev/sdb): sudo eject /dev/sdb. The kernel log will now contain something like this:
[628966.847387] usb 1-1.5.1: reset full-speed USB device number 27 using ehci-pci [628966.955723] usb 1-1.5.1: device firmware changed [628966.956184] usb 1-1.5.1: USB disconnect, device number 27 [628967.115322] usb 1-1.5.1: new full-speed USB device number 28 using ehci-pci [628967.233272] usb 1-1.5.1: New USB device found, idVendor=234b, idProduct=0001 [628967.233277] usb 1-1.5.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [628967.233280] usb 1-1.5.1: Product: NeuG True RNG [628967.233283] usb 1-1.5.1: Manufacturer: Free Software Initiative of Japan [628967.233286] usb 1-1.5.1: SerialNumber: FSIJ-1.0.7-67252015 [628967.234034] cdc_acm 1-1.5.1:1.0: ttyACM0: USB ACM device
The strings NeuG True RNG and FSIJ-1.0.7 suggest it is running NeuG version 1.0.7.
Now both Gnuk itself and reGNUal needs to be built, as follows. If you get any error message, you likely don’t have the necessary dependencies installed.
jas@latte:~/src$ git clone https://salsa.debian.org/gnuk-team/gnuk/neug.git jas@latte:~/src$ git clone https://salsa.debian.org/gnuk-team/gnuk/gnuk.git jas@latte:~/src$ cd gnuk/src/ jas@latte:~/src/gnuk/src$ git submodule update --init jas@latte:~/src/gnuk/src$ ./configure --vidpid=234b:0000 ... jas@latte:~/src/gnuk/src$ make ... jas@latte:~/src/gnuk/src$ cd ../regnual/ jas@latte:~/src/gnuk/regnual$ make jas@latte:~/src/gnuk/regnual$ cd ../../
You are now ready to flash the device, as follows.
jas@latte:~/src$ sudo neug/tool/neug_upgrade.py -f gnuk/regnual/regnual.bin gnuk/src/build/gnuk.bin gnuk/regnual/regnual.bin: 4544 gnuk/src/build/gnuk.bin: 113664 CRC32: 931cab51 Device: Configuration: 1 Interface: 1 20000e00:20005000 Downloading flash upgrade program... start 20000e00 end 20001f00 # 20001f00: 31 : 196 Run flash upgrade program... Wait 3 seconds... Device: 08001000:08020000 Downloading the program start 08001000 end 0801bc00 jas@latte:~/src$
Remove and insert the device and the kernel log should contain something like this:
[629120.399875] usb 1-1.5.1: new full-speed USB device number 32 using ehci-pci [629120.511003] usb 1-1.5.1: New USB device found, idVendor=234b, idProduct=0000 [629120.511008] usb 1-1.5.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [629120.511011] usb 1-1.5.1: Product: Gnuk Token [629120.511014] usb 1-1.5.1: Manufacturer: Free Software Initiative of Japan [629120.511017] usb 1-1.5.1: SerialNumber: FSIJ-1.2.14-67252015
The device can now be used with GnuPG as a smartcard device.
jas@latte:~/src/gnuk$ gpg --card-status Reader ...........: 234B:0000:FSIJ-1.2.14-67252015:0 Application ID ...: D276000124010200FFFE672520150000 Version ..........: 2.0 Manufacturer .....: unmanaged S/N range Serial number ....: 67252015 Name of cardholder: [not set] Language prefs ...: [not set] Sex ..............: unspecified URL of public key : [not set] Login data .......: [not set] Signature PIN ....: forced Key attributes ...: rsa2048 rsa2048 rsa2048 Max. PIN lengths .: 127 127 127 PIN retry counter : 3 3 3 Signature counter : 0 Signature key ....: [none] Encryption key....: [none] Authentication key: [none] General key info..: [none] jas@latte:~/src/gnuk$
Congratulations!
Pingback: Offline Ed25519 OpenPGP key with subkeys on FST-01G running Gnuk – Simon Josefsson's blog