Hello, everyone. This presentation is about Gnuk + GnuPG; the title is "Gnuk + GnuPG Explained for Debian Developers and Users". Last year, we did a similar presentation in Montreal, but the demonstration was at the end. And I realized that when people watch the video later, they just watch the first part. So, this time I do the demonstration in the first part.

Here are some contents. So, this figure explains the GnuPG components. We have multiple processes: GPG, GPG agent, scdaemon, and pinentry. When a user asks GPG for signature generation, all those -- GPG, GPG agent and scdaemon -- work together. And today, our family demonstrates how those processes interact.

And here is Ayumi-san. So please come, my family and Yabuki-san. Yabuki-san will represent the GPG user, because he daily uses GPG as a Debian developer. And she, she represents GPG. Her name is Ayumi. She's my daughter. She represents GPG. It is a GPG frontend. And she manages public key operations. And the most important thing is that GPG agent. And she is the mother. Her name is Hitoe. And she handles private key operations. And then, he -- this time he is very much important. He is scdaemon. SC stands for smart card.
And he controls access to the token and the ORE card. This time, this represents the Gnuk token. This metal box. Yes? Actually, we have another thing, that is pinentry. Today, this dumper baby represents pinentry. Yes, let's see.

So, suppose a user has a file and he asks GPG to generate a signature of this file. So, Yabuki-san asks her, "Please make signature." Then she says, "Yes sir." Then she generates a hash of the file. Actually, it's the... It's the chopsticks folder yesterday. Uh, in Japanese we say hashi, so it sounds like hash. (laughter)

Then she asks GPG agent. This represents a pipe or socket. So then usually she has a key in the file system. But today, as I represent here... Usually, the private key is in here. Or in this box. But this time, my private key is inside this token. Yes. This is my private key. It's securely stored inside a Gnuk token.

Then GPG agent forwards a request to scdaemon. Actually, it is in Japanese now, but it is a special protocol between GPG agent and scdaemon. Then scdaemon asks passphrase for Gnuk token. But -- pass it here. She asks passphrase.
Then pinentry is spawned from GPG agent. Then pinentry goes to the user -- pops up windows to the user, and he asks passphrase. Yes. Then, he knows the passphrase back to GPG agent. And the passphrase goes through GPG agent to scdaemon through token. Then he shakes Gnuk token. Then he generates a signature. Then the signature goes back through GPG agent and GPG. And lastly GPG gives the signature to the user.

That's an interaction of how GPG works when a user asks for generating a signature. Thank you for the demonstration. And thank you to my family and Yabuki-san.

A little bit about Gnuk token. The Gnuk token is a special hardware dedicated for GnuPG, and its specialty is, "I design and implement this for user's freedom." And the firmware is called Gnuk. It is free software. And here is a prototype of a FST-01. It is a reference free hardware design.

The reason why implement and I put my info on Gnuk token is that to control our crypto computation. And my purpose is to minimize the attack surface as small as possible. One of the goals is that it can be reproduced by others, not only me. All technical documentation is available. And I only use free too.