trezor-agent/README-GPG.md
2017-03-28 21:21:35 +03:00

2.9 KiB

Note: the GPG-related code is still under development, so please try the current implementation and feel free to report any issue you have encountered. Thanks!

Installation

First, verify that you have GPG 2.1.11+ installed (Debian, macOS):

$ gpg2 --version | head -n1
gpg (GnuPG) 2.1.15

This GPG version is included in Ubuntu 16.04 and Linux Mint 18.

Update you TREZOR firmware to the latest version (at least v1.4.0).

Install latest trezor-agent package from GitHub:

$ pip install --user git+https://github.com/romanz/trezor-agent.git

Quickstart

Identity creation

asciicast

Sample usage (signature and decryption)

asciicast

You can use GNU Privacy Assistant (GPA) in order to inspect the created keys and perform signature and decryption operations using:

$ sudo apt install gpa
$ ./scripts/gpg-shell gpa

GPA

Git commit & tag signatures:

Git can use GPG to sign and verify commits and tags (see here):

$ git config --local gpg.program $(which gpg2)
$ git commit --gpg-sign                      # create GPG-signed commit
$ git log --show-signature -1                # verify commit signature
$ git tag v1.2.3 --sign                      # create GPG-signed tag
$ git tag v1.2.3 --verify                    # verify tag signature

Password manager

First install pass from passwordstore.org and initialize it to use your TREZOR-based GPG identity:

$ ./scripts/gpg-shell
$ pass init "Roman Zeyde <roman.zeyde@gmail.com>"
Password store initialized for Roman Zeyde <roman.zeyde@gmail.com>

Then, you can generate truly random passwords and save them encrypted using your public key (as separate .gpg files under ~/.password-store/):

$ pass generate Dev/github 32
$ pass generate Social/hackernews 32
$ pass generate Social/twitter 32
$ pass generate VPS/linode 32
$ pass
Password Store
├── Dev
│   └── github
├── Social
│   ├── hackernews
│   └── twitter
└── VPS
    └── linode

In order to paste them into the browser, you'd need to decrypt the password using your hardware device:

$ pass --clip VPS/linode
Copied VPS/linode to clipboard. Will clear in 45 seconds.