trezor-agent/trezor_agent/gpg
2016-05-07 13:05:25 +03:00
__init__.py gpg: pydocstyle fixes 2016-04-24 12:22:02 +03:00
agent.py gpg: generalize RSA/ECDSA signatures 2016-04-30 13:01:40 +03:00
decode.py gpg: refactor cli 2016-05-06 22:19:46 +03:00
encode.py gpg: better logging 2016-05-07 13:05:25 +03:00
proto.py gpg: handle multiple packets 2016-04-30 21:07:19 +03:00
README.md gpg: install gpg-git wrapper script 2016-05-07 13:02:16 +03:00
signer.py gpg: use environment variable for user_id 2016-05-07 09:41:58 +03:00
trezor-git-gpg-wrapper.sh gpg: use environment variable for user_id 2016-05-07 09:41:58 +03:00

Using TREZOR as hardware GPG agent

Generate new GPG signing key:

$ export TREZOR_GPG_USER_ID="Satoshi Nakamoto <satoshi@nakamoto.bit>"

Create new GPG identity:

$ trezor-gpg create > identity.pub                  # create new TREZOR-based GPG identity
$ gpg2 --import identity.pub                        # import into local GPG public keyring
$ gpg2 --edit-key "${TREZOR_GPG_USER_ID}" trust     # OPTIONAL: mark the key as trusted

Create new subkey for an existing GPG identity:

$ gpg2 --list-keys "${TREZOR_GPG_USER_ID}"          # make sure this identity already exists
$ trezor-gpg create --subkey > identity.pub         # create new TREZOR-based GPG public key
$ gpg2 --import identity.pub                        # append it to existing identity

Generate GPG signatures using a TREZOR device:

$ trezor-gpg sign EXAMPLE                           # confirm signature using the device
$ gpg2 --verify EXAMPLE.asc                         # verify using standard GPG binary

Git commit/tag signature:

$ git config --local gpg.program "trezor-git-gpg-wrapper.sh"
$ git commit --gpg-sign                             # create GPG-signed commit
$ git log --show-signature                          # verify commits' signatures
$ git tag --sign "TAG"                              # create GPG-signed tag
$ git verify-tag "TAG"                              # verify tag signature
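
Added example, not part of trezor-agent: `git log --show-signature` and `gpg2 --verify` accept a good signature from any key in the local keyring, so a script that should accept only the TREZOR identity can pin its fingerprint against GnuPG's machine-readable status lines. The function name `check_signer`, the fingerprints and the sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Added example; not part of trezor-agent. Names and sample data are constructed.
#
# check_signer PINNED_FPR
#   Reads GnuPG status lines on stdin, as printed by
#     gpg2 --status-fd 1 --verify EXAMPLE.asc
#     git verify-commit --raw HEAD 2>&1
#   and returns 0 only for exactly one good signature whose primary-key
#   fingerprint equals PINNED_FPR.
check_signer() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        # Any of these means the signature or its key must not be relied on.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG"  { good++ }
        $2 == "VALIDSIG" {
            valid++
            # $3 is the fingerprint of the key that signed (possibly a subkey);
            # the 10th argument ($12), when present, is the primary key.
            fpr = (NF >= 12) ? $12 : $3
        }
        END {
            ok = (want != "" && !bad && good == 1 && valid == 1 &&
                  toupper(fpr) == toupper(want))
            exit !ok
        }'
}

# Constructed sample data: made-up fingerprints, ECDSA (19) / SHA-256 (8).
PRIMARY=0123456789ABCDEF0123456789ABCDEF01234567
SUBKEY=89ABCDEF0123456789ABCDEF0123456789ABCDEF
sample_status() {   # $1 = GOODSIG or REVKEYSIG
    printf '%s\n' \
        "[GNUPG:] NEWSIG" \
        "[GNUPG:] $1 0123456789ABCDEF Satoshi Nakamoto <satoshi@nakamoto.bit>" \
        "[GNUPG:] VALIDSIG $SUBKEY 2016-05-07 1462615525 0 4 0 19 8 00 $PRIMARY"
}

if sample_status GOODSIG | check_signer "$PRIMARY"; then
    echo "signed by the pinned identity"
fi
```

Pinning the primary-key fingerprint keeps the check valid after a new subkey is added with `trezor-gpg create --subkey`.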