trezor-agent/README-GPG.md

Note: the GPG-related code is still under development, so please try the current implementation
and feel free to [report any issue](https://github.com/romanz/trezor-agent/issues) you have encountered.
Thanks!

# Installation

First, verify that you have GPG 2.1+ [installed](https://gist.github.com/vt0r/a2f8c0bcb1400131ff51):

```
$ gpg2 --version | head -n1
gpg (GnuPG) 2.1.15
```

Update you TREZOR firmware to the latest version (at least v1.4.0).

Install latest `trezor-agent` package from GitHub:
```
$ pip install --user git+https://github.com/romanz/trezor-agent.git
```

# Quickstart

## Identity creation
[![asciicast](https://asciinema.org/a/c2yodst21h9obttkn9wgf3783.png)](https://asciinema.org/a/c2yodst21h9obttkn9wgf3783)

## Sample usage (signature and decryption)
[![asciicast](https://asciinema.org/a/7x0h9tyoyu5ar6jc8y9oih0ba.png)](https://asciinema.org/a/7x0h9tyoyu5ar6jc8y9oih0ba)

You can use GNU Privacy Assistant (GPA) in order to inspect the created keys
and perform signature and decryption operations using:

```
$ sudo apt install gpa
$ ./scripts/gpg-shell gpa
```
[![GPA](https://cloud.githubusercontent.com/assets/9900/20224804/053d7474-a849-11e6-87f3-ab07dc536158.png)](https://www.gnupg.org/related_software/swlist.html#gpa)

## Git commit & tag signatures:
Git can use GPG to sign and verify commits and tags (see [here](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)):
```
$ git config --local gpg.program $(which gpg2)
$ git commit --gpg-sign                      # create GPG-signed commit
$ git log --show-signature -1                # verify commit signature
$ git tag --sign "v1.2.3"                    # create GPG-signed tag
$ git verify-tag "v1.2.3"                    # verify tag signature
```
gpg: note WIP status in README 2016-07-30 11:52:50 +00:00			`Note: the GPG-related code is still under development, so please try the current implementation`
			`and feel free to [report any issue](https://github.com/romanz/trezor-agent/issues) you have encountered.`
			`Thanks!`
gpg: note WIP status in README 2016-07-30 11:45:50 +00:00
README: add GPG part 2016-06-20 19:38:30 +00:00			`# Installation`
gpg: install gpg-git wrapper script 2016-05-07 10:02:10 +00:00
gpg: add screencasts 2016-05-07 12:51:01 +00:00			`First, verify that you have GPG 2.1+ [installed](https://gist.github.com/vt0r/a2f8c0bcb1400131ff51):`
gpg: update README.md 2016-06-20 19:13:05 +00:00
gpg: refactor cli 2016-05-06 19:16:03 +00:00			```
gpg: add screencasts 2016-05-07 12:51:01 +00:00			`$ gpg2 --version \| head -n1`
README: update for new user ID specification for GPG 2016-10-18 15:12:42 +00:00			`gpg (GnuPG) 2.1.15`
gpg: refactor cli 2016-05-06 19:16:03 +00:00			```

GPG: fix installation instructions 2016-10-04 16:59:08 +00:00			`Update you TREZOR firmware to the latest version (at least v1.4.0).`
gpg: update README.md 2016-06-20 19:13:05 +00:00
GPG: fix installation instructions 2016-10-04 16:59:08 +00:00			Install latest `trezor-agent` package from GitHub:
gpg: add installation command to README 2016-05-07 17:41:34 +00:00			```
gpg: update trezor-agent installation instruction (using pip) 2016-08-27 17:59:25 +00:00			`$ pip install --user git+https://github.com/romanz/trezor-agent.git`
gpg: add installation command to README 2016-05-07 17:41:34 +00:00			```

gpg: update README for easier usage 2016-10-22 19:44:45 +00:00			`# Quickstart`
gpg: add output examples 2016-05-07 10:15:29 +00:00
gpg: update screencasts 2016-10-24 16:48:47 +00:00			`## Identity creation`
			`[![asciicast](https://asciinema.org/a/c2yodst21h9obttkn9wgf3783.png)](https://asciinema.org/a/c2yodst21h9obttkn9wgf3783)`
gpg: update README.md 2016-06-20 19:13:05 +00:00
gpg: update screencasts 2016-10-24 16:48:47 +00:00			`## Sample usage (signature and decryption)`
			`[![asciicast](https://asciinema.org/a/7x0h9tyoyu5ar6jc8y9oih0ba.png)](https://asciinema.org/a/7x0h9tyoyu5ar6jc8y9oih0ba)`
gpg: install gpg-git wrapper script 2016-05-07 10:02:10 +00:00
gpg: add usage example for GPA 2016-11-11 18:05:47 +00:00			`You can use GNU Privacy Assistant (GPA) in order to inspect the created keys`
			`and perform signature and decryption operations using:`

			```
			`$ sudo apt install gpa`
			`$ ./scripts/gpg-shell gpa`
			```
			`[![GPA](https://cloud.githubusercontent.com/assets/9900/20224804/053d7474-a849-11e6-87f3-ab07dc536158.png)](https://www.gnupg.org/related_software/swlist.html#gpa)`

gpg: add screencasts 2016-05-07 12:51:01 +00:00			`## Git commit & tag signatures:`
			`Git can use GPG to sign and verify commits and tags (see [here](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)):`
gpg: install gpg-git wrapper script 2016-05-07 10:02:10 +00:00			```
gpg: use `which gpg2` for 'gpg.program' git configuration This enables git-cola support TREZOR-based commit signatues, together with "cola.signcommits=true" setting. 2016-10-29 19:28:57 +00:00			`$ git config --local gpg.program $(which gpg2)`
gpg: add screencasts 2016-05-07 12:51:01 +00:00			`$ git commit --gpg-sign # create GPG-signed commit`
			`$ git log --show-signature -1 # verify commit signature`
README: make tag example clearer 2016-10-23 10:56:22 +00:00			`$ git tag --sign "v1.2.3" # create GPG-signed tag`
			`$ git verify-tag "v1.2.3" # verify tag signature`
GPG: fix installation instructions 2016-10-04 16:59:08 +00:00			```