Hello, everyone.
This presentation is about
Gnuk + GnuPG;
The title is Gnuk + GnuPG
Explained for Debian Developers
and Users.
Last year, we did a similar
presentation in Montreal,
but the demonstration
was at the end.
And I realized that when
people watched the video later,
they just watched
the first part.
So, this time I do the
demonstration at the first part.
Here are some contents.
So, this figure explains
about the GnuPG components.
We have multiple processes,
GPG, GPG agent,
scdaemon, and pinentry.
When user asks GPG for
signature generation,
all those-- GnuPG, GPG agent
and scdaemon work together.
And today, our family
demonstrates how those
processes interact.
And here is Ayumi-san.
So please come, my family and
Yabuki-san.
Yabuki-san will represent
GPG user.
Because he daily uses GPG
as a Debian developer.
And she, she represents
GPG. Her name is Ayumi.
She's my daughter.
She represents GPG.
It is a GPG frontend.
And she manages public
key operations.
And the most important
thing is that GPG agent.
And she is the mother.
Her name is Hitoe.
And she handles
private key operations.
And then, he-- this time he
is very much important.
He is scdaemon.
SC stands for smart card.
And he controls access to
the token or the card.
This time, this represents
the Gnuk token.
This metal box.
Yes?
Actually, we have another
thing that is pinentry.
Today, this dumper baby
represents pinentry.
Yes, let's see.
So, suppose a user
has a file
and he asks GPG to
generate signature
of this file.
So, Yabuki-san asks her,
"Please make signature."
Then she says, "Yes sir."
Then she generates a hash
of the file.
Actually, it's the...
It's the chopsticks
folder yesterday.
Uh, in Japanese we say
hashi so it sounds like hash.
(laughter)
Then she asks GPG agent.
This represents
pipe or socket.
So then usually she
has a key in the file system.
But today, as I represent here...
Usually, the private key
is in here.
Or in this box.
But this time, my private
key is inside this token.
Yes.
This is my private key.
It's securely stored
inside a Gnuk token.
Then GPG agent forwards
a request to scdaemon.
Actually, it is in Japanese
now, but it is special
protocol between
GPG agent and scdaemon.
Then scdaemon asks passphrase
for Gnuk token.
But-- pass it here.
She asks passphrase.
Then pinentry is spawned
from GPG agent.
Then pinentry
goes to user--
pops up windows to user,
and he asks passphrase.
Yes.
Then, he knows the passphrase
back to GPG agent.
And the passphrase
goes through GPG agent
to scdaemon
through token.
Then he shakes Gnuk token.
Then he generates a signature.
Then signature goes back
through GPG agent
and GPG.
And lastly GPG gives
signature to user.
That's an interaction
of how GPG works when
user asks generating
a signature.
Thank you for
the demonstration.
And thank you for
my family and Yabuki-san.
A little bit about Gnuk token.
The Gnuk token is a
special hardware
dedicated for GnuPG,
and its specialty is,
"I design and implement
this for user's freedom."
And the firmware is
called Gnuk.
It is free software.
And here is a prototype
of a FST-01.
It is a reference free
hardware design.
The reason why implement
and I put my info on
Gnuk token is that to control
our crypto computation.
And my purpose is to
minimize the attack surface
as small as possible.
One of the goal is that
it can be reproduced
by others, not only me.
All technical documentation
is available.
And I only use free too.