mirror of https://github.com/conorpp/u2f-zero
Merge branch 'master' of github.com:conorpp/u2f-zero
commit
0e5d6453ce
44
README.md
|
@ -3,6 +3,7 @@
|
|||
U2F Zero
|
||||
========
|
||||
|
||||
![](http://i.imgur.com/ZSk2AW3.jpg)
|
||||
|
||||
Overview
|
||||
=======
|
||||
|
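Review bot: The image line in this README hunk loads the picture from i.imgur.com over plain http://. Switch the URL to https:// or commit the image to the repository so the README does not depend on a third-party host, and give the image alt text instead of the empty `![]`.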
@ -23,6 +24,29 @@ The device also has an RGB LED for status indication and a button to receive use
|
|||
|
||||
USB pins are exposed copper zones on the PCB. A 2mm thick PCB is recommended for best fit but 1.6 mm will work as well.
|
||||
|
||||
## Random number generation
|
||||
|
||||
The ATECC508A has a tamper resistent, [cryptographically secure
|
||||
random number generator](https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator)
|
||||
(CSPRNG) that implements [CTR_DRBG](https://en.wikipedia.org/wiki/NIST_SP_800-90A).
|
||||
It's used internally for key generation and signing but it's also exposed to the user because
|
||||
a good source of entropy can be useful.
|
||||
|
||||
Generate random numbers from the device:
|
||||
|
||||
```bash
|
||||
cd tools/u2f_zero_client
|
||||
./client.py rng # output randomness at about 1400 bytes/s
|
||||
```
|
||||
|
||||
Update the seed with user supplied data:
|
||||
|
||||
```bash
|
||||
cd tools/u2f_zero_client
|
||||
cat /dev/random | ./client.py seed # update seed at about 410 bytes/s
|
||||
```
|
||||
|
||||
|
||||
Firmware
|
||||
========
|
||||
|
||||
|
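Review bot: In the seed example at the end of the new "Random number generation" section, `cat /dev/random | ./client.py seed` has no end condition: /dev/random never reaches EOF, so the command runs until interrupted, and the README does not say how many bytes are worth feeding in or when to stop. Bound the input (for example by piping through `head -c` with a stated byte count) or say explicitly that the user ends it with Ctrl-C. In the first line of the section, "tamper resistent" should be "tamper resistant".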
@ -83,26 +107,6 @@ U2F layer:
|
|||
* u2f.h
|
||||
* u2f-atecc.c // device specific implementation
|
||||
|
||||
## Random number generation
|
||||
|
||||
U2F Zero has a [true random number generator](https://en.wikipedia.org/wiki/Hardware_random_number_generator)
|
||||
(TRNG). It's used internally
|
||||
for key generating and signing but it's also exposed to the user for other use cases because
|
||||
a good source of entropy can be useful.
|
||||
|
||||
Generate random numbers from the device:
|
||||
|
||||
```python
|
||||
cd tools/u2f_zero_client
|
||||
./client.py rng # output randomness at about 1400 bytes/s
|
||||
```
|
||||
|
||||
Update the seed with user supplied data:
|
||||
|
||||
```python
|
||||
cd tools/u2f_zero_client
|
||||
cat /dev/random | ./client.py seed # update seed at about 410 bytes/s
|
||||
```
|
||||
|
||||
## Build a U2F Zero token yourself
|
||||
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
|
||||
|
||||
keyname=key.pem
|
||||
certname=cert.pem
|
||||
curve=prime256v1
|
||||
|
||||
ca:
|
||||
# generate EC private key
|
||||
openssl ecparam -genkey -name $(curve) -out $(keyname)
|
||||
# generate a "signing request"
|
||||
openssl req -new -key $(keyname) -out $(keyname).csr
|
||||
# self sign the request
|
||||
openssl x509 -req -in $(keyname).csr -signkey $(keyname) -out $(certname)
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/bash
|
||||
|
||||
keyname=key.pem
|
||||
certname=cert.pem
|
||||
curve=prime256v1
|
||||
|
||||
# generate EC private key
|
||||
openssl ecparam -genkey -name "$curve" -out "$keyname"
|
||||
# generate a "signing request"
|
||||
openssl req -new -key "$keyname" -out "$keyname".csr
|
||||
# self sign the request
|
||||
openssl x509 -req -in "$keyname".csr -signkey "$keyname" -out "$certname"
|
||||
|
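Review bot: The new script has no error check between its three openssl calls. Add `set -e` right after `#!/bin/bash` so that a failed `openssl ecparam` does not let `openssl req` and `openssl x509` run against a missing or stale key.pem; the Makefile recipe this replaces stopped at the first failing command, so the script as written is weaker on that point. `openssl x509 -req` is also called without `-days`, which leaves the certificate at OpenSSL's default 30-day validity, so pass an explicit `-days` value. Setting `umask 077` before `openssl ecparam` would keep the private key from being created with default permissions.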