diff --git a/trezor_agent/gpg/check.py b/trezor_agent/gpg/check.py
index 58ddba9..d535ebf 100755
--- a/trezor_agent/gpg/check.py
+++ b/trezor_agent/gpg/check.py
@@ -37,12 +37,13 @@ def verify(pubkey, sig_file):
 def main():
 """Main function."""
- logging.basicConfig(level=logging.DEBUG,
- format='%(asctime)s %(levelname)-10s %(message)s')
 p = argparse.ArgumentParser()
 p.add_argument('pubkey')
 p.add_argument('signature')
+ p.add_argument('-v', '--verbose')
 args = p.parse_args()
+ logging.basicConfig(level=logging.DEBUG if args.verbose else logging.INFO,
+ format='%(asctime)s %(levelname)-10s %(message)s')
 verify(pubkey=decode.load_public_key(open(args.pubkey, 'rb')),
 sig_file=args.signature)
diff --git a/trezor_agent/gpg/demo.sh b/trezor_agent/gpg/demo.sh
index 655a547..cf44a61 100755
--- a/trezor_agent/gpg/demo.sh
+++ b/trezor_agent/gpg/demo.sh
@@ -1,19 +1,19 @@
 #!/bin/bash
 set -x
 CREATED=1460731897 # needed for consistent public key creation
-NAME="trezor_key" # will be used as GPG user id and public key name
+NAME="trezor_demo" # will be used as GPG user id and public key name
 echo "Hello GPG World!" > EXAMPLE
 # Create, sign and export the public key
-./signer.py $NAME --time $CREATED
+trezor-gpg $NAME --time $CREATED -o $NAME.pub
 # Install GPG v2.1 (modern) and import the public key
 gpg2 --import $NAME.pub
 gpg2 --list-keys $NAME
+# gpg2 --edit-key $NAME trust # optional: mark it as trusted
-# Perform actual GPG signature using TREZOR
-./signer.py $NAME EXAMPLE
-./check.py $NAME.pub EXAMPLE.sig # pure Python verification
+# Perform actual GPG signature using TREZOR device
+trezor-gpg $NAME EXAMPLE
-# gpg2 --edit-key trezor_key trust # optional: mark it as trusted
+# Verify signature using GPG2 binary
 gpg2 --verify EXAMPLE.sig
diff --git a/trezor_agent/gpg/signer.py b/trezor_agent/gpg/signer.py
index 0af2342..1f787c7 100755
--- a/trezor_agent/gpg/signer.py
+++ b/trezor_agent/gpg/signer.py
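Review bot: The new `-v/--verbose` option in check.py's main() is declared without an action, so argparse treats it as an option that takes a value. An invocation such as `check.py -v PUBKEY SIGNATURE` (placeholder arguments) would consume the public-key path as the value of `--verbose` and then fail on the missing positional. signer.py declares the same flag as a switch, and this line should match it: `p.add_argument('-v', '--verbose', action='store_true', default=False)`. Separately, the file object created in `decode.load_public_key(open(args.pubkey, 'rb'))` is never closed explicitly; a `with open(args.pubkey, 'rb') as f:` around the call would release it deterministically.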
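Review bot: The demo runs with `set -x` only, so a failing `trezor-gpg $NAME EXAMPLE` does not stop the script, and the final `gpg2 --verify EXAMPLE.sig` can then report success on a signature file left over from an earlier run. Adding `set -e` next to `set -x`, or removing `EXAMPLE.sig` before the signing step, makes the last line prove what it appears to prove. The new lines also expand `$NAME` unquoted; writing `"$NAME"` and `"$NAME.pub"` keeps the commands correct if NAME is edited to a user id containing spaces.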
@@ -2,6 +2,7 @@
 """Create signatures and export public keys for GPG using TREZOR."""
 import argparse
 import logging
+import sys
 import time
 from . import check, decode, encode
@@ -9,6 +10,10 @@ from . import check, decode, encode
 log = logging.getLogger(__name__)
+def _open_output(filename):
+ return sys.stdout if filename == '-' else open(filename, 'wb')
+
+
 def main():
 """Main function."""
 p = argparse.ArgumentParser()
@@ -18,6 +23,7 @@ def main():
 p.add_argument('-a', '--armor', action='store_true', default=False)
 p.add_argument('-v', '--verbose', action='store_true', default=False)
 p.add_argument('-e', '--ecdsa-curve', default='nist256p1')
+ p.add_argument('-o', '--output-file')
 args = p.parse_args()
 logging.basicConfig(level=logging.DEBUG if args.verbose else logging.INFO,
@@ -31,8 +37,8 @@ def main():
 if args.armor:
 pubkey = encode.armor(pubkey, 'PUBLIC KEY BLOCK')
 ext = '.asc'
- filename = s.hex_short_key_id() + ext
- open(filename, 'wb').write(pubkey)
+ filename = args.output_file or (s.hex_short_key_id() + ext)
+ _open_output(filename).write(pubkey)
 log.info('import to local keyring using "gpg2 --import %s"', filename)
 else:
 pubkey = decode.load_from_gpg(user_id)
@@ -42,8 +48,8 @@ def main():
 if args.armor:
 sig = encode.armor(sig, 'SIGNATURE')
 ext = '.asc'
- filename = args.filename + ext
- open(filename, 'wb').write(sig)
+ filename = args.output_file or (args.filename + ext)
+ _open_output(filename).write(sig)
 check.verify(pubkey=pubkey, sig_file=filename)
 s.close()
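Review bot: `_open_output` returns `sys.stdout` for `-`, which on Python 3 is a text stream, so the `.write(pubkey)` and `.write(sig)` calls in the last two hunks would raise TypeError if those values are bytes, as the `'wb'` mode suggests. If Python 3 is supported, return the binary layer instead: `return getattr(sys.stdout, 'buffer', sys.stdout) if filename == '-' else open(filename, 'wb')`. The callers never close the handle, so the signature file is flushed only when the object is garbage-collected, right before `check.verify` reads it back; an explicit close for real files removes that dependency on the interpreter. The helper also lacks a docstring, for example `"""Return a binary writer for filename; '-' selects stdout."""`.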
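Review bot: With `-o -` the signing branch in the last hunk still calls `check.verify(pubkey=pubkey, sig_file=filename)` with `filename` equal to `'-'`, so the post-signing self-check is pointed at a path named `-` instead of the bytes just written to stdout. verify()'s body is not part of this diff, but it is handed a file name, so the call presumably fails or reads an unrelated file. Either skip the check for stdout, `if filename != '-': check.verify(pubkey=pubkey, sig_file=filename)`, or verify the in-memory `sig` before writing it. The new `-o/--output-file` option in the third hunk would also benefit from a `help=` string stating that `-` means stdout and that an explicit name replaces the default extension. main() starts outside these hunks.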