Strategies for offline PGP key storage
Posted Oct 15, 2017 23:30 UTC (Sun) by metasequoia (guest, #119065)
Parent article: Strategies for offline PGP key storage
It only costs $2 on eBay.
You can find it by searching on "STM32F103 Minimum system development board".
To use it, one will also need a 3.3 volt USB-UART adapter to program the board (also really cheap).
And one will also need to figure out some way to protect it from breakage. Embedding it in a lump of moldable thermosetting plastic seems like the easiest thing to do. It also offers some security/tamper resistance.
Apart from the Fimo or epoxy potting material, the total cost of the dongle could work out to under $4.
You should know that the Blue Pill boards' USB connectors are notorious for breaking off. They are only soldered on lightly and need reinforcement. Even with it they remain very easy to break. So to avoid it coming off I would either completely replace the USB with a plug and embed it in plastic as shown in the image below, or put it in a small case, and leave a short cable permanently attached to it. You really should plan on doing that unless you only use it at home at your desk. Or don't expect it to last long. It will break.
This is the one you want. http://wiki.stm32duino.com/index.php?title=Blue_Pill
Also, note that these boards have some other issues, which may impact their usefulness unless addressed. For example: "The USB standard requires a 1.5 kΩ pullup resistor on D+, but this board is known to have a wrong value (R10 on the board). It ships with either a 10 kΩ resistor or a 4.7 kΩ resistor, but it should be replaced with a 1.5 kΩ resistor, or put an appropriate resistor value (e.g 1.8 kΩ) in between PA12 and 3.3V. It is also true that some PCs are tolerant of incorrect value so, before you change the resistance, you can try if it works in your case."
Software repository: https://anonscm.debian.org/cgit/gnuk/gnuk/gnuk.git
changelog:
https://anonscm.debian.org/cgit/gnuk/gnuk/gnuk.git/commit...
You'll need the arm-none-eabi-gcc toolchain.
If you use the USB-UART flashing method make sure the UART device you use can be set to 3.3 volts. Many of them have a jumper to allow the setting of either 3.3 volts or 5 volts.
Programming:
You'll need to set a jumper on the Blue Pill, "Boot0" to 1 briefly to allow the binary to be uploaded to it, then set it back.
To do this you can use a Linux program called stm32flash:
https://sourceforge.net/p/stm32flash/wiki/Home/
(There are a number of different ways to flash the software onto an stm32 board but this seems to me to be the simplest.)
You'll need to use either headers (typically soldered) or clips of some kind to connect in a robust manner to the following pins to upload the program to the board.
Ground goes to the "G" pin, the second inward from the bottom right corner. +3.3 volts goes to the "3.3" pin on the bottom right corner. TXD on the USB-UART goes to the A10 pin and RXD goes to the A9 pin. All of these pins are on the bottom row.
If the upload doesn't work, try reversing the connections to A9 and A10; some USB UART devices label their pins with what you are supposed to connect them to, not what they are. So it's reversed.
You cannot program the dongle using its USB connection, which is a very good thing in this context.
So..
Change the boot0 jumper to 1,
connect the wires, then apply power
start the upload program, telling it where the binary file is.
It will run and tell you it's successfully completed. Then remove power, change the boot0 jumper back to 0 and reboot.
It should now work.
Gnuk documentation: http://www.fsij.org/doc-gnuk/index.html
FSIJ blog showing a good way of protecting a device by embedding it in moldable plastic.
https://www.fsij.org/category/gnuk.html >> https://www.fsij.org/images/gnuk/FST-01G-201701-00.jpg
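
The upload steps in the comment above, as an added example that is not part of the original comment or of the Gnuk project: a small POSIX shell wrapper that checks its inputs, records the SHA-256 of the image being written, and calls stm32flash with write (`-w`) and verify (`-v`). The function names and the firmware-image and serial-port arguments are assumptions supplied by the user.

```shell
#!/bin/sh
# Added example: wrapper around stm32flash for the UART upload procedure.
# Usage (hypothetical paths): ./flash.sh <firmware.bin> <serial-port>
# Function names are illustrative; nothing here comes from the Gnuk sources.

# Print the SHA-256 of the image so the flashed binary can be matched
# against the one you built and reviewed.
firmware_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Validate inputs before touching the board.
# Returns 1: image missing/empty, 2: port is not a character device,
#         3: stm32flash is not installed.
preflight() {
    fw=$1; port=$2
    [ -s "$fw" ] || { echo "firmware image missing or empty: $fw" >&2; return 1; }
    [ -c "$port" ] || { echo "not a character device: $port" >&2; return 2; }
    command -v stm32flash >/dev/null 2>&1 || { echo "stm32flash not found" >&2; return 3; }
    return 0
}

flash_board() {
    fw=$1; port=$2
    preflight "$fw" "$port" || return $?
    echo "BOOT0 must be set to 1 and the board power-cycled before continuing."
    echo "image sha256: $(firmware_digest "$fw")"
    # -w writes the image to flash, -v verifies what was written.
    stm32flash -w "$fw" -v "$port" || { echo "upload failed; try swapping A9/A10" >&2; return 4; }
    echo "Done. Remove power, set BOOT0 back to 0, then reconnect."
}

# Only flash when called with both arguments.
if [ "$#" -eq 2 ]; then
    flash_board "$1" "$2"
fi
```
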
