diff --git a/doc/developper/quick-test.txt b/doc/developper/quick-test.txt new file mode 100644 index 0000000..5558ce7 --- /dev/null +++ b/doc/developper/quick-test.txt @@ -0,0 +1,196 @@ +Step1: ... +----- +Jump into any temp dir + + +Step2: install nanos +----- +Do a fresh install of gpg application 1.1.0 from google app manager + + +Step3: setup conf +----- +Create a 'manual-test' directory + $ mkdir manual-test + +Create a 'manual-test/gnupg' + $ mkdir manual-test/gnupg + +Create a 'manual-test/gnupg/scdaemon.conf' file with content: + reader-port "Ledger Token [Nano S] (0001) 01 00" + allow-admin + card-timeout 1 + debug-level expert + debug 11 + log-file /tmp/scdaemon.log + +Jump into manual-test dir + +Step4: change to host pin style +----- +Launch gpg NanoS application and: + $ killall scdaemon gpg-agent + $ gpg2 --homedir `pwd`/gnupg --card-edit + gpg: WARNING: unsafe permissions on homedir '/home/cme/Projects/Git/ledgerblue/blue-app-openpgp-card/manual-test/gnupg' + gpg: keybox '/home/cme/Projects/Git/ledgerblue/blue-app-openpgp-card/manual-test/gnupg/pubring.kbx' created + + Reader ...........: Ledger Token [Nano S] (0001) 01 00 + Application ID ...: D2760001240103002C97DDD38BA90000 + Version ..........: 3.0 + Manufacturer .....: unknown + Serial number ....: DDD38BA9 + Name of cardholder: [not set] + Language prefs ...: [not set] + Sex ..............: unspecified + URL of public key : [not set] + Login data .......: [not set] + Signature PIN ....: not forced + Key attributes ...: rsa2048 rsa2048 rsa2048 + Max. PIN lengths .: 12 12 12 + PIN retry counter : 3 0 3 + Signature counter : 0 + Signature key ....: [none] + Encryption key....: [none] + Authentication key: [none] + General key info..: [none] + + gpg/card> verify + + Reader ...........: Ledger Token [Nano S] (0001) 01 00 + Application ID ...: D2760001240103002C97DDD38BA90000 + Version ..........: 3.0 + Manufacturer .....: unknown + Serial number ....: DDD38BA9 + Name of cardholder: [not set] + Language prefs ...: [not set] + Sex ..............: unspecified + URL of public key : [not set] + Login data .......: [not set] + Signature PIN ....: not forced + Key attributes ...: rsa2048 rsa2048 rsa2048 + Max. PIN lengths .: 12 12 12 + PIN retry counter : 3 0 3 + Signature counter : 0 + Signature key ....: [none] + Encryption key....: [none] + Authentication key: [none] + General key info..: [none] + + gpg/card> + +Then on nanos, goto settings->PIN mode, and select 'Host' +Then on nanos, goto settings->PIN mode, and select 'Set as default' + +unplug and replug the nanos + +relaunch the openpgp application + +Goto settings->PIN mode, and check you have "Host # +" (DASH and PLUS) + + +Step5: create 2048bits RSA keys +----- + + +In 'manual-test' directory, ask key generation. Nota that during this phase PIN has to be validate on Nanos + + $ killall scdaemon gpg-agent + $ gpg2 --homedir `pwd`/gnupg --card-edit + gpg: WARNING: unsafe permissions on homedir '/home/cme/Projects/Git/ledgerblue/blue-app-openpgp-card/manual-test/gnupg' + + Reader ...........: Ledger Token [Nano S] (0001) 01 00 + Application ID ...: D2760001240103002C97DDD38BA90000 + Version ..........: 3.0 + Manufacturer .....: unknown + Serial number ....: DDD38BA9 + Name of cardholder: [not set] + Language prefs ...: [not set] + Sex ..............: unspecified + URL of public key : [not set] + Login data .......: [not set] + Signature PIN ....: not forced + Key attributes ...: rsa2048 rsa2048 rsa2048 + Max. PIN lengths .: 12 12 12 + PIN retry counter : 3 0 3 + Signature counter : 0 + Signature key ....: [none] + Encryption key....: [none] + Authentication key: [none] + General key info..: [none] + + gpg/card> admin + Admin commands are allowed + + gpg/card> generate + Make off-card backup of encryption key? (Y/n) n + + Please note that the factory settings of the PINs are + PIN = '123456' Admin PIN = '12345678' + You should change them using the command --change-pin + + What keysize do you want for the Signature key? (2048) 2048 + What keysize do you want for the Encryption key? (2048) 2048 + What keysize do you want for the Authentication key? (2048) 2048 + Please specify how long the key should be valid. + 0 = key does not expire + = key expires in n days + w = key expires in n weeks + m = key expires in n months + y = key expires in n years + Key is valid for? (0) 0 + Key does not expire at all + Is this correct? (y/N) y + + GnuPG needs to construct a user ID to identify your key. + + Real name: testkey + Email address: + Comment: + You selected this USER-ID: + "testkey" + + Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O + gpg: /home/cme/Projects/Git/ledgerblue/blue-app-openpgp-card/manual-test/gnupg/trustdb.gpg: trustdb created + gpg: key 5ED17DF289C757A2 marked as ultimately trusted + gpg: directory '/home/cme/Projects/Git/ledgerblue/blue-app-openpgp-card/manual-test/gnupg/openpgp-revocs.d' created + gpg: revocation certificate stored as '/home/cme/Projects/Git/ledgerblue/blue-app-openpgp-card/manual-test/gnupg/openpgp-revocs.d/7FDC3D2FCD3558CB06631EAB5ED17DF289C757A2.rev' + public and secret key created and signed. + + + gpg/card> quit + pub rsa2048 2017-10-03 [SC] + 7FDC3D2FCD3558CB06631EAB5ED17DF289C757A2 + uid testkey + sub rsa2048 2017-10-03 [A] + sub rsa2047 2017-10-03 [E] + + + +Step6: encrypt/decrypt +----- +encrypt + + $ killall scdaemon gpg-agent + $ echo CLEAR > foo.txt + $ gpg2 --homedir `pwd`/gnupg -e -r testkey foo.txt + gpg: WARNING: unsafe permissions on homedir '/home/cme/Projects/Git/ledgerblue/blue-app-openpgp-card/manual-test/gnupg' + gpg: checking the trustdb + gpg: marginals needed: 3 completes needed: 1 trust model: pgp + gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u + +Force pin to asked + + $ killall gpg-agent scdaemon + +decrypt + + $ gpg2 --homedir `pwd`/gnupg foo.txt.gpg + gpg: WARNING: unsafe permissions on homedir '/home/cme/Projects/Git/ledgerblue/blue-app-openpgp-card/manual-test/gnupg' + gpg: encrypted with 2047-bit RSA key, ID 602FE5EB7BFA4B00, created 2017-10-03 + "testkey" + File 'foo.txt' exists. Overwrite? (y/N) y + +Step7: pin on screen +------ + +Restart from Step1, but skip step4