From c98cb22ba4f92d0562a0a0c5f962af2dc03607b9 Mon Sep 17 00:00:00 2001
From: Roman Zeyde
Date: Fri, 17 Jun 2016 09:34:05 +0300
Subject: [PATCH] gpg: use separate derivations for GPG keys
---
 trezor_agent/gpg/__main__.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/trezor_agent/gpg/__main__.py b/trezor_agent/gpg/__main__.py
index b061b43..1107b5a 100755
--- a/trezor_agent/gpg/__main__.py
+++ b/trezor_agent/gpg/__main__.py
@@ -18,7 +18,8 @@ def run_create(args):
 user_id = os.environ['TREZOR_GPG_USER_ID']
 conn = encode.HardwareSigner(user_id=user_id, curve_name=args.ecdsa_curve)
- verifying_key = conn.pubkey()
+ verifying_key = conn.pubkey(ecdh=False)
+ decryption_key = conn.pubkey(ecdh=True)
 if args.subkey:
 primary_bytes = keyring.export_public_key(user_id=user_id)
@@ -29,7 +30,7 @@ def run_create(args):
 # subkey for encryption
 encryption_key = proto.PublicKey( curve_name=args.ecdsa_curve, created=args.time,
- verifying_key=verifying_key, ecdh=True)
+ verifying_key=decryption_key, ecdh=True)
 result = encode.create_subkey(primary_bytes=primary_bytes, pubkey=signing_key, signer_func=conn.sign)
@@ -44,7 +45,7 @@ def run_create(args):
 # subkey for encryption
 subkey = proto.PublicKey( curve_name=args.ecdsa_curve, created=args.time,
- verifying_key=verifying_key, ecdh=True)
+ verifying_key=decryption_key, ecdh=True)
 result = encode.create_primary(user_id=user_id, pubkey=primary,
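Review bot: In the first hunk of `run_create`, the two `conn.pubkey(...)` calls have no comment explaining why signing and ECDH now use separate derivations, and nothing confirms that the device returned two different keys. I would add `# Key separation: the signing key must never double as the ECDH (decryption) key.` above them and fail early if both results are the same key, because `pubkey()` is defined outside this patch and an implementation that ignored `ecdh=` would quietly restore the shared-key behaviour. Identities created before this commit presumably carry an encryption subkey derived the old way, so the release notes should say whether they still decrypt. `run_create` continues outside the hunk.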
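Review bot: In the `@@ -29,7 +30,7 @@` hunk (and again in the `@@ -44,7 +45,7 @@` hunk) the call reads `verifying_key=decryption_key, ecdh=True`, which looks like a mistake to anyone auditing which key ends up in the encryption subkey. A one-line comment such as `# PublicKey takes the public key as verifying_key even for ECDH subkeys` would make the intent explicit; renaming the local to `ecdh_pubkey` would also avoid calling a public key a decryption key. Both `proto.PublicKey(...)` calls sit in a function whose body starts and ends outside these hunks.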