So, hello everyone, dajia hao, that's in Chinese. I'm from Japan. Today, I present to you about the Gnuk Token, that is a cryptographic USB token, which is fully implemented by free software and free hardware design. And I explain about the GnuPG scdaemon, which is a kind of driver for the token. And this is the talk of my experience to have better control, control means by its user, not by government or not by company, of computing for privacy with a dedicated device of minimized features.
And what's Gnuk? Gnuk. It's an FSIJ project, a free software project at the Free Software Initiative of Japan. It is an implementation of a cryptographic token. It is a bit harder for me to pronounce it, cryptographic token. Yeah. It supports the OpenPGP card protocol, version 2 and version 3, and it runs on STM32F103. It's a typo. Yes, it's ARM Cortex-M3. And it supports RSA 2048 and ECC. And somehow it works with RSA 4096, but it's so slow, it takes about eight seconds or so to sign. And the name Gnuk comes from GNU and NUK because at that time, my son used to require NUK every year or every time. So this is a logo of Gnuk. And it is a software implementation. So Gnuk means the software itself. And we call a device a Gnuk Token when it runs Gnuk. So there are many hardware implementations, or Gnuk supports multiple devices. So there are many variants of Gnuk Token, actually.
Wait a minute. This is better. This is a presentation mode. It was a printer mode. Sorry. Here it is. So this is a picture of the structure of GnuPG processes and the device. We have multiple components, software of the gpg front end and, apparently, gpg-agent and directory manager and scdaemon. And we have a Gnuk Token here. The major reason why we have many processes or software components and a hardware component is to minimize the attack surface. This is the most important point. And this is a typical use case of Gnuk Token by a concrete example of my daily hacking life.
I have a computer on the road like that and I have a computer at work and at home. Among those three environments, I use a single Gnuk Token for my authentication, signing or decryption. So it can be solved by copying a private key to each computer, but it increases attack surface. So the important thing for me is no more copy of my private key on different computers. So I use a single device. And it should be a separate dedicated device which is removable from the computer so that the computer only supplies power when it's in actual use. And it should be physically smaller so that the user can bring the token conveniently.
And those are things I have learned. Controlling my own computing is getting harder and harder. You know, we have many software components these days and we have to use, say, a browser which is so complex and extensible and loading code from the Internet. I mean some JavaScript extensions. It is very difficult for me to control such an environment. So I wanted to control at least the computing for cryptographic operation. That is a major reason why I choose the single device to only do that. And the random number generation, random number sequence is a very difficult thing. My tentative conclusion is that nobody should control the particular random sequence generation. This is the most important part I have learned. Yes.
And speaking about freedom, not only software tool chain but also we need some free software implementation tools like KiCad, OpenOCD, Segulux and so on. Thanks for those projects. We have a free software implementation and we use some hardware tools. I mean JTAG access hardware. Those firmware should be also free software. And thirdly, the difficult thing is that I ask a manufacturer for my device, and the computer in the factory could be a major attack vector. I mean that a malicious guy installed a very malicious feature inside that computer. Then all the devices I asked for will suffer. So the computer used in the factory is also important. Yes.
And the distribution of the product is also an important thing. Yes.
And here is a small history. I started the Gnuk project in 2010, October, with an Olimex board. And then here was discovery. I discovered that evaluation board by ST, the STM8S Discovery kit. It is an 8-bit computer evaluation board but we have USB access by STM32. And we can somehow abuse that part of the kit for Gnuk. But it requires some electronics knowledge to use that part. So I supported more boards by Gnuk but people requested some good... Yes. Reference implementation. So I designed my own FST-01 in 2011 and I asked Seeed Technology for somehow mass production, 1000 pieces in 2012. And I have updated the design two years ago and I manufactured 300 last year.
And soon after it started I found that the host side support is very much important, not only the firmware itself. And so I joined GnuPG development in 2011 to improve scdaemon. And scdaemon accesses the smart card through a CCID reader. It is a kind of difficult software because we need to support proprietary things, proprietary card readers, proprietary cards, and some proprietary operating systems, and so on. I think that if you are a smart card user for GnuPG you perhaps feel smart card access has been improved. And now it can support multiple tokens simultaneously if you choose an in-stock driver of GnuPG.
And here is the hardware design. I use KiCad for PCB design. This is done in 2011 and this is FST-01G, another one, the updated version.
And so lastly I'd like to address many other things. Flashing MCU. I used to use ST-Link V2. I have to reverse engineer the protocol, USB protocol, and I wrote some tools for flashing MCU. And I need to implement a random number generator. The entropy source is the ADC sample. And I need to design firmware update. And this can be the varied attack vector. We have experienced in some product firmware update could be attack vector. And here is a difficult part. We design require USB vendor ID.
Thanks to FSIJ, we have an official one. And manufacturing, I depend on Seeed Technology in Shenzhen and they can distribute the product too. And I have to develop my own thread library because existing RTOS, they consider more is better. But more means larger attack surface for me. So I need a minimum one. And the GPL compliance issue, we need to somehow deliver source code to the user, and the GPL itself. At first I tried to put everything in the serial flash ROM within the board. But I encountered failure because manufacturing cost matters. It takes time to make a copy if I ask the factory to do that. Okay. And so I only deliver the GPL itself by device.
And yes, this is the most difficult part. How to deliver such a device? Yes, we need trust. So basically I prefer delivering in person. But the Free Software Foundation in 2015 kindly delivers my device. Yes. And two years ago I wrote my own tool for flashing my firmware in the factory. And here is source code access. And last year I implemented the emulation so that people can learn Gnuk without real hardware. Yes. And we have FSF, the GnuPG project, Debian and FSR is there. They support Gnuk implementation or distribution. Yes.
Here is a hardware suggestion for Gnuk. We can use Blue Pill. It's a very cheap one. One euro or so. Less than two euros. And an ST-Link version 2 clone also can be a target for Gnuk Token. Yes. And it is available at the FSF shop.
So the summary is like that. Free software, not only free software, free implementation, free design, free software environment is important. But someone has to do some dirty work. That's all. So any questions? Here is a reference.
So two or three minutes for questions. We have two minutes. Two minutes.
What are the differences between one and the recent version?
The recent version lacks the serial ROM because it was discontinued in five years. And I updated the regulator because of the discontinued part. Yes. From the software view, it's the same. Yes.
So lastly, in the flight I saw the sorry, I don't have it later, please. I watched Blade Runner 2049 and the laser set to K. Join us, please. Thank you.