GnuPG application for Ledger devices
This application implements "The OpenPGP card" specification revision 3.3. This specification is available in doc directory and at https://g10code.com/p-card.html.
The application supports:
- RSA with key up to 3072 bits
- ECDSA with secp256R1 and secp256K1
- EDDSA with Ed25519 curve
- ECDH with secp256R1, secp256K1 and curve25519 curves
See the full doc in rst, or in pdf
The GnuPG application implements the following addon:
- Serial modification
- On screen reset
- 3 independent key slots (except for Nanos, where we have only a single slot)
- Seeded key generation
Technical specification is available in rst, or in pdf
The OpenPGP card specification indicates:
- 3 asymmetric keys:
- Signature,
- Decryption
- Authentication
- 1 symmetric key
The application allows you to store 3 different key sets, named slot. Each slot contains the above 4 keys. You can choose the active slot on the main screen. When installed the default slot is "1". You can change it in settings.
A seeded mode is implemented in order to restore private keys on a new token. In this mode, key material is generated from the global token seed.
Also, a backup/restore mechanism is provided. Please report to the Documentation.
Warning: Without such configuration, an OS or App update will cause your private key to be lost!"
The following is a repeatable process that will generate the same keys and fingerprints (even with different card serial numbers).
- Reset the OpenPGP App
- Set Key Templates from the OpenPGP App menu, if needed
- On computer, use
gpg
to edit the key with a fixed timestamp:
gpg --faked-system-time 19990101T000000! --card-edit # note the exclamation mark to keep the time fixed
gpg> admin
gpg> generate
... # complete the wizard
While doing this, ensure that you use the same --faked-system-time
and "Real Name" and "Email"
during the generation wizard to reproduce the same keys each time.
The application can be reset as if it was fresh installed. In settings, choose reset and confirm.
You can quickly setup a convenient environment to build and test your application by using Ledger's VSCode developer tools extension which leverages the ledger-app-dev-tools docker image.
It will allow you, whether you are developing on macOS, Windows or Linux, to quickly build your apps, test them on Speculos and load them on any supported device.
- Install and run Docker.
- Make sure you have an X11 server running:
- Install VScode and add Ledger's extension.
- Open a terminal and clone
app-openpgp
withgit clone git@github.com:LedgerHQ/app-openpgp.git
. - Open the
app-openpgp
folder with VSCode. - Use Ledger extension's sidebar menu or open the tasks menu with
ctrl + shift + b
(command + shift + b
on a Mac) to conveniently execute actions:- Build the app for the device model of your choice with
Build
. - Test your binary on Speculos with
Run with Speculos
. - You can also run functional tests, load the app on a physical device, and more.
- Build the app for the device model of your choice with
The terminal tab of VSCode will show you what commands the extension runs behind the scene.
The ledger-app-dev-tools docker image contains all the required tools and libraries to build, test and load an application.
You can download it from the ghcr.io docker repository:
sudo docker pull ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest
You can then enter this development environment by executing the following command
from the directory of the application git
repository:
sudo docker run --rm -ti --user "$(id -u):$(id -g)" --privileged -v "/dev/bus/usb:/dev/bus/usb" -v "$(realpath .):/app" ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest
sudo docker run --rm -ti --user "$(id -u):$(id -g)" --privileged -v "$(pwd -P):/app" ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest
docker run --rm -ti --privileged -v "$(Get-Location):/app" ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest
The application's code will be available from inside the docker container, you can proceed to the following compilation steps to build your app.
To easily setup a development environment for compilation and loading on a physical device, you can use the VSCode integration whether you are on Linux, macOS or Windows.
If you prefer using a terminal to perform the steps manually, you can use the guide below.
Setup a compilation environment by following the shell with docker approach.
From inside the container, use the following command to build the app:
make DEBUG=1 # compile optionally with PRINTF
You can choose which device to compile and load for by setting the BOLOS_SDK
environment variable to the following values:
BOLOS_SDK=$NANOS_SDK
BOLOS_SDK=$NANOX_SDK
BOLOS_SDK=$NANOSP_SDK
BOLOS_SDK=$STAX_SDK
BOLOS_SDK=$FLEX_SDK
This step will vary slightly depending on your platform.
Your physical device must be connected, unlocked and the screen showing the dashboard (not inside an application).
First make sure you have the proper udev rules added on your host. See udev-rules
Then once you have opened a terminal in the app-builder
image and built the app
for the device you want, run the following command:
# Run this command from the app-builder container terminal.
make load # load the app on a Nano S by default
Setting the BOLOS_SDK environment variable will allow you to load on whichever supported device you want.
It is assumed you have Python installed on your computer.
Run these commands on your host from the app's source folder once you have built the app for the device you want:
# Install Python virtualenv
python3 -m pip install virtualenv
# Create the 'ledger' virtualenv
python3 -m virtualenv ledger
Enter the Python virtual environment
- macOS:
source ledger/bin/activate
- Windows:
.\ledger\Scripts\Activate.ps1
# Install Ledgerblue (tool to load the app)
python3 -m pip install ledgerblue
# Load the app.
python3 -m ledgerblue.runScript --scp --fileName bin/app.apdu --elfFile bin/app.elf
The OpenPGP app comes with different tests:
- Functional Tests implemented with Ledger's Ragger test framework.
- Unit Tests, allowing to test basic simple functions
- Manual Tests, using some script to perform real tests on the device:
- Key generation
- Encryption/Decryption
- Sign/Verify
On Linux, you can use Ledger's VS Code extension to run the tests. If you prefer not to, open a terminal and follow the steps below.
Install the tests requirements:
pip install -r tests/requirements.txt
Then you can:
Run the functional tests (here for nanos but available for any device once you have built the binaries):
pytest tests/ --tb=short -v --device nanos
Or run your app directly with Speculos
speculos --model nanos build/nanos/bin/app.elf
To test your app on macOS or Windows, it is recommended to use Ledger's VS Code extension to quickly setup a working test environment.
You can use the following sequence of tasks and commands (all accessible in the extension sidebar menu):
Select build target
Build app
Then you can choose to execute the functional tests:
- Use
Run tests
.
Or simply run the app on the Speculos emulator:
Run with Speculos
.
Those tests are available in the directory unit-tests
. Please see the corresponding README
to compile and run them.
Those tests are available in the directory manual-tests
. This consists in a helper script (manual.sh
)
corresponding to different cases described in the document Quick tests.
Several documents are available.
Functional Specification of the OpenPGP Application available here, but also at https://g10code.com/p-card.html.
User documentation for the Ledger Application available here: rst, or pdf
Developer documentation related to the Ledger Add-ons available here: rst, or pdf
A Quick Test document to perform Manual Tests
available here
The pdf documentation for User and Developer are available, and can be generated from
the corresponding .rst
files (in the same respective directories) using this command:
cd doc/
./generate.sh
The flow processed in GitHub Actions is the following:
- Ledger guidelines enforcer which verifies that an app is compliant with Ledger guidelines. The successful completion of this reusable workflow is a mandatory step for an app to be available on the Ledger application store. More information on the guidelines can be found in the repository ledger-app-workflow
- Code formatting with clang-format
- Compilation of the application for all Ledger hardware in ledger-app-builder
- Unit tests of C functions with cmocka (see unit-tests/)
- End-to-end tests with Speculos emulator and ragger (see tests/)
- Code coverage with gcov/lcov and upload to codecov.io
It outputs 3 artifacts:
compiled_app_binaries
within binary files of the build process for each devicecode-coverage
within HTML details of code coverage
Today, the current App has some known limitations.
- RSA4096 is disabled, because of an issue with the watchdog, resetting the device during long prime number operation.
- Using Ed25519 template, the decrypt doesn't output a correct result.