blob42
/
trezor-agent
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
fix-issue-callexception
master
nistp521
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.10.0
v0.9.8
v0.9.7
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.3
v0.8.1
v0.8.2
v0.8.0
v0.7.6
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.6.6
v0.7.0
v0.7.1
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6
v0.5.1
v0.5.0
v0.4.2
v0.4.1
v0.4
v0.3
v0.2
v0.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e922f45871'
${ noResults }
trezor-agent/README-GPG.md

3.6 KiB
Raw Blame History

Note: the GPG-related code is still under development, so please try the current implementation and please let me know if something doesn't work well for you. If possible:

  • record the session (e.g. using asciinema)
  • attach the GPG agent log from ~/.gnupg/{trezor,ledger}/gpg-agent.log

Thanks!

Installation

First, verify that you have GPG 2.1.11+ installed (Debian, macOS):

$ gpg2 --version | head -n1
gpg (GnuPG) 2.1.15

This GPG version is included in Ubuntu 16.04 and Linux Mint 18.

Update you device firmware to the latest version and install your specific agent package:

$ pip install --user (trezor|keepkey|ledger)_agent

Quickstart

Identity creation

asciicast

In order to use specific device type for GPG indentity creation, use either command:

$ DEVICE=(trezor,ledger) ./scripts/gpg-init "John Doe <john@doe.bit>"

Sample usage (signature and decryption)

asciicast

In order to use specific device type for GPG operations, set the following environment variable to either:

$ export GNUPGHOME=~/.gnupg/{trezor,ledger}

You can use GNU Privacy Assistant (GPA) in order to inspect the created keys and perform signature and decryption operations using:

$ sudo apt install gpa
$ GNUPGHOME=~/.gnupg/trezor gpa

GPA

Git commit & tag signatures:

Git can use GPG to sign and verify commits and tags (see here):

$ git config --local commit.gpgsign 1
$ git config --local gpg.program $(which gpg2)
$ git commit --gpg-sign                      # create GPG-signed commit
$ git log --show-signature -1                # verify commit signature
$ git tag v1.2.3 --sign                      # create GPG-signed tag
$ git tag v1.2.3 --verify                    # verify tag signature

Password manager

First install pass from passwordstore.org and initialize it to use your TREZOR-based GPG identity:

$ export GNUPGHOME=~/.gnupg/trezor
$ pass init "Roman Zeyde <roman.zeyde@gmail.com>"
Password store initialized for Roman Zeyde <roman.zeyde@gmail.com>

Then, you can generate truly random passwords and save them encrypted using your public key (as separate .gpg files under ~/.password-store/):

$ pass generate Dev/github 32
$ pass generate Social/hackernews 32
$ pass generate Social/twitter 32
$ pass generate VPS/linode 32
$ pass
Password Store
├── Dev
│   └── github
├── Social
│   ├── hackernews
│   └── twitter
└── VPS
    └── linode

In order to paste them into the browser, you'd need to decrypt the password using your hardware device:

$ pass --clip VPS/linode
Copied VPS/linode to clipboard. Will clear in 45 seconds.

You can also use the following Qt-based UI for pass:

$ sudo apt install qtpass
$ GNUPGHOME=~/.gnupg/trezor qtpass

Re-generation of an existing GPG identity

asciicast