Hello, everyone. This presentation is about Gnuk + GnuPG; the title is "Gnuk + GnuPG Explained for Debian Developers and Users."

Last year, we did a similar presentation in Montreal, but the demonstration was at the end. And I realized that when people watched the video later, they just watched the first part. So, this time I do the demonstration in the first part.

Here are the contents.

So, this figure explains the GnuPG components. We have multiple processes: gpg, gpg-agent, scdaemon, and pinentry. When a user asks GPG for signature generation, all those, GnuPG, gpg-agent and scdaemon, work together. And today, our family demonstrates how those processes interact.

And here is Ayumi-san. So please come, my family and Yabuki-san. Yabuki-san will represent the GPG user, because he uses GPG daily as a Debian developer. And she, she represents GPG. Her name is Ayumi. She's my daughter. She represents GPG. It is the GPG frontend, and she manages public key operations. And the most important thing is gpg-agent. And she is the mother. Her name is Hitoe.
And she handles private key operations. And then, he, this time he is very much important. He is scdaemon. SC stands for smart card. And he controls access to the token and the OpenPGP card. This time, this represents the Gnuk token. This metal box. Yes?

Actually, we have another thing, that is pinentry. Today, this dumper baby represents pinentry. Yes, let's see.

So, suppose a user has a file and he asks GPG to generate a signature of this file. So, Yabuki-san asks her, "Please make a signature." Then she says, "Yes sir." Then she generates the hash of the file. Actually, it's the... It's the chopsticks holder from yesterday. Uh, in Japanese we say hashi, so it sounds like hash.

(laughter)

Then she asks gpg-agent. This represents a pipe or socket. So then, usually she has the key in the file system. But today, as I represent here... Usually, the private key is in here. Or in this box. But this time, my private key is inside this token. Yes. This is my private key. It's securely stored inside a Gnuk token.
Then gpg-agent forwards the request to scdaemon. Actually, it is in Japanese now, but it is a special protocol between gpg-agent and scdaemon. Then scdaemon asks the passphrase for the Gnuk token. But, pass it here. She asks the passphrase. Then pinentry is spawned from gpg-agent. Then pinentry goes to the user, pops up a window to the user, and he asks for the passphrase. Yes. Then he passes the passphrase back to gpg-agent. And the passphrase goes through gpg-agent to scdaemon, to the token. Then he shakes the Gnuk token. Then he generates the signature. Then the signature goes back through gpg-agent and GPG. And lastly GPG gives the signature to the user. That's the interaction of how GPG works when a user asks for generating a signature.

Thank you for the demonstration. And thank you to my family and Yabuki-san.

A little bit about the Gnuk token. The Gnuk token is special hardware dedicated for GnuPG, and its specialty is, "I design and implement this for the user's freedom." And the firmware is called Gnuk. It is free software. And here is a prototype of the FST-01.
It is a reference free hardware design. The reason why I implement and put my effort into the Gnuk token is to control our crypto computation. And my purpose is to minimize the attack surface, as small as possible. One of the goals is that it can be reproduced by others, not only me. All technical documentation is available. And I only use free tools.