Hello, everyone. This presentation is about Gnuk + GnuPG; The title is Gnuk + GnuPG Explained for Debian Developers and Users. Last year, we did a similar presentation in Montreal, but the demonstration was at the end. And I realized that when people watching the video later, they just watched the first part. So, this time I do the demonstration at the first part. Here's are some contents. So, this figure explains about the GnuPG components. We have multiple processes, GPG, GPG agent ST demo, and ping entry. When user asks GPG for signature generation, all those-- PNPG, GPG agents and SG demo works together. And today, our family demonstrates how those processes interact. And here is Ayumi-san. So please come, my family and Yabuki-san. Yabuki-san will represent GPG user. Because he daily uses GPG as a Debian developer. And she, she represents GPG. Her name is Ayumi. She's my daughter. She represents GPG. It is a GPG protend. And she manages public key operations. And the most important thing is that GPG agent. And she is the mother. Her name is Hitoe. And she handles private key operations. And then, he-- this time he is very much important. He is Ashidamon. Assistant stands for smart card. And he controls access to the token and the ORE card. This time, this represent the nuke token. This metal box. Yes? Actually, we have another thing that is ping entry. Today, this dumper baby represent ping entry. Yes, let's see. So, suppose a user have a file and he asks GPG to generate signature of this file. So, Yabuki-san asks her, "Please make signature." Then she says, "Yes sir." Then she generate cache of the file. Actually, it's the... It's the chopsticks folder yesterday. Uh, in Japanese we say hashi so it sounds like hash. (laughter) Then she ask GPG agent. This represents pipe or socket. So then usually she has a key in the file system. But today, as I represent here... Usually, the private key is in here. Or in this box. But this time, my private key is inside this token. Yes. This is my private key. It's securely stored inside a Gnuk token. Then GPG agent forwards a request to ST demo. Actually, it is in Japanese now, but it is special protocol between GPG agent and SG demo. Then SG demo asks passphrase for Gnuk token. But-- pass it here. She asks passphrase. Then ping entry spawned from GPG agent. Then ping entry goes to user-- pops up windows to user, and he asks passphrase. Yes. Then, he knows the passphrase back to GPG agent. And the passphrase goes through GPG agent to SG demo through token. Then he shakes Gnu token. Then he generate signature. Then signature go back through GPG agent and GPG. And lastly GPG gives signature to user. That's an interaction of how GPG works when user asks generating a signature. Thank you for the demonstration. And thank you for my family and Yabuki-san. A little bit about Gnuk token. The Gnuk token is a special hardware dedicated for GnukPG, and its specialty is, "I design and implement this for user's freedom." And the firmware is called Gnuk. It is free software. And here is a prototype of a FST-01. It is a reference-free hardware design. The reason why implement and I put my info on Gnuk token is that to control our crypto computation. And my purpose is to minimize the attack surface as small as possible. One of the goal is that it can be reproduced by others, not only me. All technical documentation is available. And I only use free too.