-
Not Synced
Hello, everyone.
-
Not Synced
This presentation is about
Gnuk + GnuPG;
-
Not Synced
The title is Gnuk + GnuPG
Explained for Debian Developers
-
Not Synced
and Users.
-
Not Synced
Last year, we did a similar
presentation in Montreal,
-
Not Synced
but the demonstration
was at the end.
-
Not Synced
And I realized that when
people watching the video later,
-
Not Synced
they just watched
the first part.
-
Not Synced
So, this time I do the
demonstration at the first part.
-
Not Synced
Here's are some contents.
-
Not Synced
So, this figure explains
about the GnuPG components.
-
Not Synced
We have multiple processes,
GPG, GPG agent
-
Not Synced
ST demo, and ping entry.
-
Not Synced
When user asks GPG for
signature generation,
-
Not Synced
all those-- PNPG, GPG agents
and SG demo works together.
-
Not Synced
And today, our family
demonstrates how those
-
Not Synced
processes interact.
-
Not Synced
And here is Ayumi-san.
-
Not Synced
So please come, my family and
Yabuki-san.
-
Not Synced
Yabuki-san will represent
GPG user.
-
Not Synced
Because he daily uses GPG
as a Debian developer.
-
Not Synced
And she, she represents
GPG. Her name is Ayumi.
-
Not Synced
She's my daughter.
She represents GPG.
-
Not Synced
It is a GPG protend.
And she manages public
-
Not Synced
key operations.
-
Not Synced
And the most important
thing is that GPG agent.
-
Not Synced
And she is the mother.
Her name is Hitoe.
-
Not Synced
And she handles
private key operations.
-
Not Synced
And then, he-- this time he
is very much important.
-
Not Synced
He is Ashidamon.
Assistant stands for smart card.
-
Not Synced
And he controls access to
the token and the ORE card.
-
Not Synced
This time, this represent
the nuke token.
-
Not Synced
This metal box.
-
Not Synced
Yes?
-
Not Synced
Actually, we have another
thing that is ping entry.
-
Not Synced
Today, this dumper baby
represent ping entry.
-
Not Synced
Yes, let's see.
-
Not Synced
So, suppose a user
have a file
-
Not Synced
and he asks GPG to
generate signature
-
Not Synced
of this file.
-
Not Synced
So, Yabuki-san asks her,
"Please make signature."
-
Not Synced
Then she says, "Yes sir."
-
Not Synced
Then she generate cache
of the file.
-
Not Synced
Actually, it's the...
-
Not Synced
It's the chopsticks
folder yesterday.
-
Not Synced
Uh, in Japanese we say
hashi so it sounds like hash.
-
Not Synced
(laughter)
-
Not Synced
Then she ask GPG agent.
-
Not Synced
This represents
pipe or socket.
-
Not Synced
So then usually she
has a key in the file system.
-
Not Synced
But today, as I represent here...
-
Not Synced
Usually, the private key
is in here.
-
Not Synced
Or in this box.
-
Not Synced
But this time, my private
key is inside this token.
-
Not Synced
Yes.
-
Not Synced
This is my private key.
-
Not Synced
It's securely stored
inside a Gnuk token.
-
Not Synced
Then GPG agent forwards
a request to ST demo.
-
Not Synced
Actually, it is in Japanese
now, but it is special
-
Not Synced
protocol between
GPG agent and SG demo.
-
Not Synced
Then SG demo asks passphrase
for Gnuk token.
-
Not Synced
But-- pass it here.
-
Not Synced
She asks passphrase.
-
Not Synced
Then ping entry spawned
from GPG agent.
-
Not Synced
Then ping entry
goes to user--
-
Not Synced
pops up windows to user,
and he asks passphrase.
-
Not Synced
Yes.
-
Not Synced
Then, he knows the passphrase
back to GPG agent.
-
Not Synced
And the passphrase
goes through GPG agent
-
Not Synced
to SG demo
through token.
-
Not Synced
Then he shakes Gnu token.
-
Not Synced
Then he generate signature.
-
Not Synced
Then signature go back
through GPG agent
-
Not Synced
and GPG.
-
Not Synced
And lastly GPG gives
signature to user.
-
Not Synced
That's an interaction
of how GPG works when
-
Not Synced
user asks generating
a signature.
-
Not Synced
Thank you for
the demonstration.
-
Not Synced
And thank you for
my family and Yabuki-san.
-
Not Synced
A little bit about Gnuk token.
-
Not Synced
The Gnuk token is a
special hardware
-
Not Synced
dedicated for GnukPG,
and its specialty is,
-
Not Synced
"I design and implement
this for user's freedom."
-
Not Synced
And the firmware is
called Gnuk.
-
Not Synced
It is free software.
-
Not Synced
And here is a prototype
of a FST-01.
-
Not Synced
It is a reference-free
hardware design.
-
Not Synced
The reason why implement
and I put my info on
-
Not Synced
Gnuk token is that to control
our crypto computation.
-
Not Synced
And my purpose is to
minimize the attack surface
-
Not Synced
as small as possible.
-
Not Synced
One of the goal is that
it can be reproduced
-
Not Synced
by others, not only me.
-
Not Synced
All technical documentation
is available.
-
Not Synced
And I only use free too.
Debconf
