romanz / trezor-agent Goto Github PK

Hardware-based SSH/GPG/age agent

License: GNU Lesser General Public License v3.0

Python 99.95% Shell 0.05%

python ssh gpg agent trezor keepkey ledger crypto hardware pgp

trezor-agent's Introduction

Hardware-based SSH/GPG/age agent

This project allows you to use various hardware security devices to operate GPG, SSH and age. Instead of keeping your key on your computer and decrypting it with a passphrase when you want to use it, the key is generated and stored on the device and never reaches your computer. Read more about the design here.

You can do things like sign your emails, git commits, and software packages, manage your passwords (with pass and passage, among others), authenticate web tunnels and file transfers, and more.

See the following blog posts about this tool:

Currently TREZOR One, TREZOR Model T, Keepkey, Blockstream Jade, Ledger Nano S, and OnlyKey are supported.

Components

This repository contains source code for one library as well as agents to interact with several different hardware devices:

libagent: shared library
trezor-agent: Using Trezor as hardware-based SSH/PGP/age agent
ledger_agent: Using Ledger as hardware-based SSH/PGP agent
jade_agent: Using Blockstream Jade as hardware-based SSH/PGP agent
keepkey_agent: Using KeepKey as hardware-based SSH/PGP agent
onlykey-agent: Using OnlyKey as hardware-based SSH/PGP agent

The /releases page on Github contains the libagent releases.

Documentation

Installation instructions are here
SSH instructions and common use cases are here
GPG instructions and common use cases are here
age instructions and common use cases are here
Instructions to configure a Trezor-style PIN entry program are here
Instructions for using the tools on Windows are here

trezor-agent's People

Contributors

Stargazers

Watchers

Forkers

boxup spamcop gitter-badger blinkystitt jhoenicke kleetus btchip trustcrypto np solution4future infertux bunjin scarvell donfanning jlambert68 f4bio nubis jb55 b17c01n timthelion deosai tmsrjs alexxnica kryndex fansari deosorg macil avishaan takeratta woozong aitorpazos dirkx dariusc93 eli-b jperryman23 slush0 w00t3k nico205 serge-name basnappl rendaw gbillou knaperek kvbik libdeos atdlib fdv pruflyos antoniorossi jesuscarvalho x1aose matejcik ebarnard blob42 quaternioneer walkjivefly segunda alexanderpavlenko proteanblank lab420 elcomtik zack-shoylev makk4 metaver5o hkjn onlykey zeus911 ekkarat-w-gmail-com swaaws masterscott epse hlad bellyfat ddrown nticompass 5l1v3r1 mavaa rryter viaskyse karunamon mycrypto mrosseel drbeefsupreme galuszkak th3architect yanganto tedstechshack jediry darkfeline svlima6669 thifofdeath jrruethe guangminglion superuserockx ureeves meafs mybluevan clehner senjuu dlitz

trezor-agent's Issues

Generate GPG revocation certificate for TREZOR-based keys

https://www.gnupg.org/faq/gnupg-faq.html#generate_revocation_certificate

trezor-agent - ssh still asking for password of server

Hi,
My Setup is: OS X 10.11.5, trezor (0.7.4), trezor-agent (0.7.2), Trezor Firmware 1.4.0

At the time I use an RSA Key to connect to my server. It does connect without asking for any password.

I added the public key generated by trezor-agent planitz.at to the .ssh/authorized_keys.

When I now try to connect to my server with trezor-agent -c it does still ask for my password on the server.

Best regards
roland

agent fails in non default GPG home directory

The agent won't find keys in a non default directory when it pipes gpg2 in keyring.py

Maybe --homedir could be passed along with the socket to listen to when starting the agent

Handle gpg-agent socket correctly for GPG 2.1.13+

Since Juny 8th, 2016, GPG uses /run/user/UID/gnupg instead of ~/.gnupg.
We should use:

$ gpgconf --list-dirs | grep 'agent-socket:'
agent-socket:/run/user/1000/gnupg/S.gpg-agent

Python 3 support

$ trezor-agent [email protected]

Traceback (most recent call last):
  File "/usr/local/bin/trezor-agent", line 9, in <module>
    load_entry_point('trezor-agent==0.6.5', 'console_scripts', 'trezor-agent')()
  File "/usr/local/lib/python3.5/site-packages/trezor_agent/__main__.py", line 131, in run_agent
    with client_factory(curve=args.ecdsa_curve_name) as conn:
  File "/usr/local/lib/python3.5/site-packages/trezor_agent/client.py", line 22, in __init__
    client_wrapper = loader()
  File "/usr/local/lib/python3.5/site-packages/trezor_agent/factory.py", line 86, in load
    device_list.extend(loader())
  File "/usr/local/lib/python3.5/site-packages/trezor_agent/factory.py", line 48, in _load_trezor
    from trezorlib.client import TrezorClient, CallException
  File "/usr/local/lib/python3.5/site-packages/trezorlib/client.py", line 7, in <module>
    import mapping
ImportError: No module named 'mapping'

I then tried $ pip install mapping which returned:

Collecting mapping Could not find a version that satisfies the requirement mapping (from versions: ) No matching distribution found for mapping

Mac OS X El Capitan 10.11.4
Trezor on the latest firmware

pkg_resources.ContextualVersionConflict with protobuf

trezor-agent --help
Traceback (most recent call last):
  File "/Users/bwstitt/.virtualenvs/trezor-agent/bin/trezor-agent", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/Users/bwstitt/.virtualenvs/trezor-agent/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2927, in <module>
    @_call_aside
  File "/Users/bwstitt/.virtualenvs/trezor-agent/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2913, in _call_aside
    f(*args, **kwargs)
  File "/Users/bwstitt/.virtualenvs/trezor-agent/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2940, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/Users/bwstitt/.virtualenvs/trezor-agent/lib/python2.7/site-packages/pkg_resources/__init__.py", line 637, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/Users/bwstitt/.virtualenvs/trezor-agent/lib/python2.7/site-packages/pkg_resources/__init__.py", line 650, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/Users/bwstitt/.virtualenvs/trezor-agent/lib/python2.7/site-packages/pkg_resources/__init__.py", line 834, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (protobuf 3.0.0b3 (/Users/bwstitt/.virtualenvs/trezor-agent/lib/python2.7/site-packages), Requirement.parse('protobuf==2.6.1'), set(['trezor']))

I searched through everything for ==2.6.1 and found two places: keepkey-0.7.0.dist-info/METADATA and trezor-0.6.12.post1.dist-info/METADATA

I think trezor-agent's setup.py needs to stick with 2.6.1 until these bump their versions

Install issues

My understanding is this is an official Trezor code base

When the device ships it says ~$25 for hardware ~$75 for "security services"

How about those services include an easy install. If I have to hot patch pip this is not an acceptable release path for paid for software.

GPG operations fail PIN entry

Using latest from master & trezor 0.7.5 I'm unable to perform any gpg operations requiring a pin

this command

 ./cmdtr.py sign_message -n "44'/0'/0'/0/0" "testing 123"

produces a usable, and different, not echoed to the terminal pinentry than when I run

 export [email protected]
 trezor-gpg -v agent 
 echo "sign this" | gpg2 --sign

Which uses some other method which echoes the pin (scrambled, of course) to the terminal - since scramble this is ok, but this will not accept an enter key - so doesn't allow the pin to be entered for signing

Use keygrip for selecting and loading the correct GPG key

Currently, we are using TREZOR_GPG_USER_ID to load the public key using gpg2 --export and then validating that we use the correct key via keygrip comparison - which can be simplified significantly by just computing the keygrips for all the keys available and choosing the correct one - or printing a human-readable error message when no key is found.

AttributeError: 'Namespace' object has no attribute 'run'

Installed trezor-agent as per readme, then as per readme for the gpg module on a clean Ubuntu 16 VM.

I'm not quite sure what I broke but the ssh-agent works fine.

Usage via SSH Config

Hi,

With your help I managed to work out all the errors, so now I can use my Trezor to connect to my Servers.

It is however a pain to use the trezor-agent. So I was thinking how I could include the trezor-agent into my previous workflow using my .ssh/config.

I have these settings, but now I am stuck. Any Ideas?

My settings:

Host trezor
        HostName planitz.at
        User roland
        Port 22

        ProxyCommand trezor-agent -e nist256p1 ssh://%r@%h:%p -- ssh -tt -l %r -p %p %h

With that SSH should in theory call trezor-agent to open the connection?

The trezor does ask me for the pin as well as a confirmation on the device.
But then It is stuck on an empty line that does nothing.

if I add a -v to the SSH command it gets stuck at:

OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /Users/roland/.ssh/config
debug1: /Users/roland/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to planitz.at [77.244.243.55] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /Users/roland/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/roland/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/roland/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/roland/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/roland/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/roland/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/roland/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/roland/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u3
debug1: match: OpenSSH_6.7p1 Debian-5+deb8u3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to planitz.at:22 as 'roland'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> [email protected]
debug1: kex: client->server [email protected] <implicit> [email protected]
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:Mtc5YQpTaNNdOklAElsd/7rqoE/oPkxaiMhQs1bBsrY
debug1: Host 'planitz.at' is known and matches the ECDSA host key.
debug1: Found key in /Users/roland/.ssh/known_hosts:10
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering ECDSA public key: ssh://[email protected]:22
debug1: Server accepts key: pkalg ecdsa-sha2-nistp256 blen 104
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to planitz.at ([77.244.243.55]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: tty_make_modes: no fd or tio
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8

adding another -v (now -vv) the last lines before it gets stuck are:

...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering ECDSA public key: ssh://[email protected]:22
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ecdsa-sha2-nistp256 blen 104
debug2: input_userauth_pk_ok: fp SHA256:u2fqSWHwe+2oM3OlxUJtD+4J+x9sDOMrqXbzE/wT/Us
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to planitz.at ([77.244.243.55]:22).
debug2: fd 6 setting O_NONBLOCK
debug2: fd 7 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug2: callback start
debug2: fd 3 setting TCP_NODELAY
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug1: tty_make_modes: no fd or tio
debug1: Sending environment.
debug1: Sending env LC_CTYPE = UTF-8
debug2: channel 0: request env confirm 0
debug2: channel 0: request shell confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

Hope that helps

Best regards
Roland

Mac - GPG no longer working

Hi, I just tried to use the trezor agent like this:

export TREZOR_GPG_USER_ID="my_id"; trezor-gpg agent
2016-11-20 16:44:31,984 WARNING    This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility!

and in another window I try the following:

echo 'foo' | gpg2 --sign -u 'my_id' | gpg2 --verify
gpg: skipped 'my_key': No secret key
gpg: signing failed: No secret key
gig: verify signatures failed: Unknown system error

am I doing something wrong?

Best regards
Roland

AssertionError - Keygrip mismatch at `trezor-gpg agent` during sign operation

Hi,
My Setup is: OS X 10.11.5, trezor (0.7.4), trezor-agent (0.7.2), Trezor Firmware 1.4.0

When I use trezor-gpg -v agent, I sometimes get this error:

Traceback (most recent call last):
  File "/usr/local/bin/trezor-gpg", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/__main__.py", line 95, in main
    args.run(args)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/__main__.py", line 69, in run_agent
    agent.handle_connection(conn)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/agent.py", line 121, in handle_connection
    sig = pksign(keygrip, digest, algo)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/agent.py", line 49, in pksign
    assert pubkey.keygrip == binascii.unhexlify(keygrip)
AssertionError

Sometimes everything works fine for two or three times, and then I get this error for the rest of the day.

Is there something wrong with my Python installation?

Best Regards
Roland

How about using `cryptography` library?

https://cryptography.io/

What do you guys think about this lib? Would it be helpful? Maybe it could simplify the code? I'm digging into it 😃

Update "trezorlib" dependency after new PyPI release

In order to resolve trezor/python-trezor#77 issues for <=v0.7.4 versions.

Bug: Unable to enter port

Hello,

I have problem with using trezor-agent for ssh login with non standart port.
When I'm connecting to ssh server with standard config (trezor-agent -c -v [email protected]), then everything is ok and I get this:

2015-11-26 13:43:37,622 INFO getting "ssh://[email protected]" public key (nist256p1) from Trezor... [client.py:54]
Use the numeric keypad to describe number positions. The layout is:
7 8 9
4 5 6
1 2 3
Please enter current PIN:

2015-11-26 13:43:57,519 INFO please confirm user "user" login to "ssh://[email protected]" using Trezor... [client.py:67]
2015-11-26 13:43:59,741 INFO signature status: OK [protocol.py:95]

but when I want to connect to custom port using "trezor-agent -c -v [email protected]:port",
I get this output:

2015-11-26 13:20:02,721 INFO getting "ssh://[email protected]:port" public key (nist256p1) from Trezor... [client.py:54]
Use the numeric keypad to describe number positions. The layout is:
7 8 9
4 5 6
1 2 3
Please enter current PIN:

ssh: Could not resolve hostname my.home.server:port: Name or service not known
2015-11-26 13:20:18,221 INFO disconnected from Trezor [client.py:41]

And before you ask :) Yes, ssh is available on specified port and I'm able to connect to server through this port using normal ssh no matter if using alias in config file or by ssh with -p parameter.

When I looked in client.py it looks like that it's prepared for using ":port" after host name but something is wrong.

Strange error message about keepkey

I'm getting this weird error message whenever I run trezor-agent:

$ trezor-agent [...]
ERROR        Missing module: install via "pip install keepkey"                                                    [factory.py:77]
Traceback (most recent call last):
  File "[...]/trezor/lib/python3.5/site-packages/trezor_agent/factory.py", line 65, in _load_keepkey
    from keepkeylib.client import KeepKeyClient, CallException
ImportError: No module named 'keepkeylib'
[...]

Everything seems to work properly though. I guess it's working because it can still load trezorlib there?

If keepkeylib isn't strictly required, should this message be a friendly warning or maybe only displayed with --debug?

I'm using these versions:

$ pip list | grep trezor
trezor (0.7.4)
trezor-agent (0.7.0)

Handle other digest algorithms for GPG

See #22 (comment) for details.
We should ensure however at least 256 bits' digest.

github is rejecting my trezor-agent key

Hi,

I am trying to connect to git with my trezor.

To verify I tried to connect via ssh.

It prints me the fingerprint of the public key for the trezor key, and in my github settings the fingerprint matches. Github still ends every ssh connection with Permission denied (publickey).

I tried the nist256p1 as well as the ed25519 curve just to be sure.

[roland@Turtle:~/git/Master-Thesis] % trezor-agent -v -e ed25519 ssh://[email protected]:22 -cvv
2016-10-18 14:21:50,615 DEBUG        connected to Trezor 79D99D130E0C8CA632F860E3                                                         [factory.py:30]
2016-10-18 14:21:50,616 DEBUG        label    : planitz                                                                                   [factory.py:31]
2016-10-18 14:21:50,616 DEBUG        vendor   : bitcointrezor.com                                                                         [factory.py:32]
2016-10-18 14:21:50,616 DEBUG        version  : 1.4.0                                                                                     [factory.py:36]
2016-10-18 14:21:50,616 DEBUG        revision : e0e190b3dc29bcb0f6ab9699c439fe7bfbcde370                                                  [factory.py:37]
2016-10-18 14:21:50,683 DEBUG        parsed identity: {'path': None, 'host': 'github.com', 'proto': 'ssh', 'port': '22', 'user': 'git'}   [util.py:198]
2016-10-18 14:21:50,683 INFO         getting "ssh://[email protected]:22" public key (ed25519) from Trezor...                                [client.py:50]
2016-10-18 14:21:50,684 DEBUG        address string: '\x00\x00\x00\x00ssh://[email protected]:22'                                            [util.py:222]
2016-10-18 14:21:51,022 DEBUG        fingerprint: cc:bb:d6:60:ea:d0:a3:dd:46:f3:00:c9:1f:ae:a7:9f                                         [formats.py:185]
2016-10-18 14:21:51,022 DEBUG        parsed identity: {'path': None, 'host': 'github.com', 'proto': 'ssh', 'port': '22', 'user': 'git'}   [util.py:198]
2016-10-18 14:21:51,023 DEBUG        SSH connect: ['ssh', '-p', '22', '-l', 'git', 'github.com']                                          [__main__.py:145]
2016-10-18 14:21:51,023 DEBUG        loading SSH public key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDTpGQaFvM9QVXL5wX+YxnThTnFD7BdUfLJqXXkv0Mx5 ssh://[email protected]:22\n' [formats.py:192]
2016-10-18 14:21:51,023 DEBUG        key type: ssh-ed25519                                                                                [formats.py:55]
2016-10-18 14:21:51,023 DEBUG        loaded ssh-ed25519 public key: cc:bb:d6:60:ea:d0:a3:dd:46:f3:00:c9:1f:ae:a7:9f                       [formats.py:198]
2016-10-18 14:21:51,024 INFO         using SSH public key: cc:bb:d6:60:ea:d0:a3:dd:46:f3:00:c9:1f:ae:a7:9f                                [__main__.py:110]
2016-10-18 14:21:51,034 DEBUG        serving on SSH_AUTH_SOCK=/var/folders/r2/jgk0wbp50m79zxb1fk0rxhbh0000gn/T/ssh-agent-2JCGsL           [server.py:33]
2016-10-18 14:21:51,035 DEBUG        server thread started                                                                                [server.py:82]
2016-10-18 14:21:51,035 DEBUG        waiting for connection on /var/folders/r2/jgk0wbp50m79zxb1fk0rxhbh0000gn/T/ssh-agent-2JCGsL          [server.py:90]
2016-10-18 14:21:51,035 INFO         running ['ssh', '-p', '22', '-l', 'git', 'github.com'] with {'SSH_AUTH_SOCK': '/var/folders/r2/jgk0wbp50m79zxb1fk0rxhbh0000gn/T/ssh-agent-2JCGsL', 'SSH_AGENT_PID': '7082'} [server.py:140]
2016-10-18 14:21:51,042 DEBUG        subprocess 7083 is running                                                                           [server.py:147]
2016-10-18 14:21:51,800 DEBUG        welcome agent                                                                                        [server.py:53]
2016-10-18 14:21:51,800 DEBUG        request: 1 bytes                                                                                     [protocol.py:94]
2016-10-18 14:21:51,800 DEBUG        calling list_pubs()                                                                                  [protocol.py:102]
2016-10-18 14:21:51,800 DEBUG        available keys: ['ssh://[email protected]:22']                                                          [protocol.py:114]
2016-10-18 14:21:51,801 DEBUG         1) cc:bb:d6:60:ea:d0:a3:dd:46:f3:00:c9:1f:ae:a7:9f                                                  [protocol.py:116]
2016-10-18 14:21:51,801 DEBUG        reply: 91 bytes                                                                                      [protocol.py:105]
Permission denied (publickey).
2016-10-18 14:21:51,913 DEBUG        goodbye agent                                                                                        [server.py:59]
2016-10-18 14:21:51,913 DEBUG        waiting for connection on /var/folders/r2/jgk0wbp50m79zxb1fk0rxhbh0000gn/T/ssh-agent-2JCGsL          [server.py:90]
2016-10-18 14:21:51,914 DEBUG        subprocess 7083 exited: 255                                                                          [server.py:149]
2016-10-18 14:21:51,914 DEBUG        closing server                                                                                       [server.py:130]
2016-10-18 14:21:52,018 DEBUG        server stopped                                                                                       [server.py:94]
2016-10-18 14:21:52,018 DEBUG        server thread stopped                                                                                [server.py:98]
2016-10-18 14:21:52,019 INFO         disconnected from Trezor                                                                             [client.py:35]

Any thoughts?

best regards
roland

SSHFS usage

Can this also be used for sshfs?
If not, that would be cool.

Allow opening multiple SSH connections with different identities concurrently

Currently, trezor-agent "grabs" the USB device during the whole session, with a single SSH identity.

Add Python 3 support for ledger-related code at factory.py

Wrong permissions in protobuf library

Perhaps it should be mentioned in the the README (or better: be fixed) that the protobuf library comes with wrong permissions. Running as unprivileged user I got this error:

fansari@bat ~]$ trezor-agent raspi
2016-09-03 12:44:21,906 ERROR        Missing module: install via "pip install trezor"                                                     [factory.py:62]
Traceback (most recent call last):
  File "build/bdist.linux-x86_64/egg/trezor_agent/factory.py", line 50, in _load_trezor
    from trezorlib.client import TrezorClient, CallException
  File "/usr/lib/python2.7/site-packages/trezor-0.7.0-py2.7.egg/trezorlib/client.py", line 15, in <module>
    from . import mapping
  File "/usr/lib/python2.7/site-packages/trezor-0.7.0-py2.7.egg/trezorlib/mapping.py", line 1, in <module>
    from . import messages_pb2 as proto
  File "/usr/lib/python2.7/site-packages/trezor-0.7.0-py2.7.egg/trezorlib/messages_pb2.py", line 6, in <module>
    from google.protobuf.internal import enum_type_wrapper
ImportError: cannot import name enum_type_wrapper
2016-09-03 12:44:21,912 ERROR        Missing module: install via "pip install keepkey"                                                    [factory.py:79]
Traceback (most recent call last):
  File "build/bdist.linux-x86_64/egg/trezor_agent/factory.py", line 67, in _load_keepkey
    from keepkeylib.client import KeepKeyClient, CallException
  File "/usr/lib/python2.7/site-packages/keepkeylib/client.py", line 15, in <module>
    from . import mapping
  File "/usr/lib/python2.7/site-packages/keepkeylib/mapping.py", line 1, in <module>
    from . import messages_pb2 as proto
  File "/usr/lib/python2.7/site-packages/keepkeylib/messages_pb2.py", line 4, in <module>
    from google.protobuf.internal import enum_type_wrapper
ImportError: cannot import name enum_type_wrapper
2016-09-03 12:44:21,917 ERROR        Connection error: 0 devices found

A workaround is fixing the probobuf permsisions manually:

chmod -R o+r /usr/lib/python2.7/site-packages/protobuf-3.0.0-py2.7.egg

See also here:
protocolbuffers/protobuf#737

Add GPA usage example

GPG subkey fails on OSX 10.10.5 homebrew python 2.7

$ gpg2 --edit "${TREZOR_GPG_USER_ID}" trust
gpg (GnuPG/MacGPG2) 2.0.30; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


gpg: checking the trustdb
gpg: public key of ultimately trusted key 21E44D27 not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   4  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: next trustdb check due at 2018-08-19
pub     0E/FEB0D0AF  created: 2016-10-14  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
[ultimate] (1). Dmytro Leonenko TREZOR <[email protected]>

pub     0E/FEB0D0AF  created: 2016-10-14  expires: never       usage: SCA
                     trust: ultimate      validity: ultimate
[ultimate] (1). Dmytro Leonenko TREZOR <[email protected]>

$ gpg --version
gpg (GnuPG/MacGPG2) 2.0.30
libgcrypt 1.7.0
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

latest trezor (git) and trezor_agent(git)
trezor firmware 1.4.0

The issue:

$ trezor-gpg create --subkey
2016-10-14 11:56:09,745 WARNING    This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility!
2016-10-14 11:56:09,745 WARNING    NOTE: in order to re-generate the exact same GPG key later, run this command with "--time=1476435369" commandline flag (to set the timestamp of the GPG key manually).
2016-10-14 11:56:09,927 WARNING    No module named keepkeylib.client: install via "pip install keepkey" if you need to support this device
Traceback (most recent call last):
  File "/usr/local/bin/trezor-gpg", line 11, in <module>
    sys.exit(main())
  File "/Users/admin/Library/Python/2.7/lib/python/site-packages/trezor_agent/gpg/__main__.py", line 95, in main
    args.run(args)
  File "/Users/admin/Library/Python/2.7/lib/python/site-packages/trezor_agent/gpg/__main__.py", line 39, in run_create
    signer_func=conn.sign)
  File "/Users/admin/Library/Python/2.7/lib/python/site-packages/trezor_agent/gpg/encode.py", line 124, in create_subkey
    primary = decode.load_public_key(primary_bytes)
  File "/Users/admin/Library/Python/2.7/lib/python/site-packages/trezor_agent/gpg/decode.py", line 320, in load_public_key
    pubkey, userid, signature = packets[:3]
ValueError: need more than 2 values to unpack

[ledger] Can't force-push using trezor-git

$ ~/Documents/project$ trezor-git push origin branchname -f
usage: trezor-git [-h] [-v] [-e CURVE] [--timeout TIMEOUT] [--debug]
[-r REMOTE] [-t]
[ARGUMENT [ARGUMENT ...]]
trezor-git: error: unrecognized arguments: -f

If you need any more help duplicating this let me know.

Agent opens TREZOR U2F interface thinking it is regular HID

For some reason you don't use the provided enumerate method, but ended up writing your own. Your code does not perform any check for usage_page nor interface number like defined in our transport_hid.py. This leads to opening U2F interface from time to time resulting in trezor/python-trezor#76

Agent doesn't exit when SSH session ends

 ⚙ username@workstation > ~ > trezor-agent -vvvvv -c [email protected]
2016-01-05 15:11:55,546 DEBUG        connected to Trezor 358EB5A28279FB09FDA78CE9                                                         [client.py:23]
2016-01-05 15:11:55,546 DEBUG        label    : Trezor                                                                                    [client.py:24]
2016-01-05 15:11:55,546 DEBUG        vendor   : bitcointrezor.com                                                                         [client.py:25]
2016-01-05 15:11:55,546 DEBUG        version  : 1.3.4                                                                                     [client.py:28]
2016-01-05 15:11:55,546 DEBUG        revision : db93a50f76204418a2cf7d2c7e0391f486729bf3                                                  [client.py:29]
2016-01-05 15:11:55,560 DEBUG        parsed identity: {'path': None, 'host': 'server.example.com', 'proto': None, 'port': None, 'user': 'username'}  [client.py:101]
2016-01-05 15:11:55,561 INFO         getting "ssh://[email protected]" public key (nist256p1) from Trezor...                               [client.py:54]
2016-01-05 15:11:55,561 DEBUG        address string: '\x00\x00\x00\x00ssh://[email protected]'                                             [client.py:123]
Use the numeric keypad to describe number positions. The layout is:
    7 8 9
    4 5 6
    1 2 3
Please enter current PIN:

2016-01-05 15:12:19,422 DEBUG        fingerprint: 25:ef:06:74:6a:3a:fb:d2:3e:d1:99:aa:c9:07:da:78                                         [formats.py:141]
2016-01-05 15:12:19,422 DEBUG        parsed identity: {'path': None, 'host': 'server.example.com', 'proto': None, 'port': None, 'user': 'username'}  [client.py:101]
2016-01-05 15:12:19,422 DEBUG        SSH connect: ['ssh', '-l', 'username', 'server.example.com']                                                    [__main__.py:109]
2016-01-05 15:12:19,425 DEBUG        loading SSH public key: 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBgVDxlnq7abeYYL4Ga96ONAhFkznTm0z824iV7D2euJKZpf5U+pTtsjhxgiVKE8hHjTD9bD/PNp8wXNGwt3T7E= ssh://[email protected]\n' [formats.py:148]
2016-01-05 15:12:19,426 DEBUG        key type: ecdsa-sha2-nistp256                                                                        [formats.py:37]
2016-01-05 15:12:19,426 DEBUG        curve name: nistp256                                                                                 [formats.py:44]
2016-01-05 15:12:19,426 DEBUG        loaded ecdsa-sha2-nistp256 public key: 25:ef:06:74:6a:3a:fb:d2:3e:d1:99:aa:c9:07:da:78               [formats.py:154]
2016-01-05 15:12:19,426 DEBUG        serving on SSH_AUTH_SOCK=/var/folders/s5/1f6r4kbj6v70f3dp96n8bm9r00056p/T/ssh-agent-UH1bVZ           [server.py:26]
2016-01-05 15:12:19,426 DEBUG        server thread started                                                                                [server.py:53]
2016-01-05 15:12:19,426 DEBUG        running ['ssh', '-l', 'username', 'server.example.com'] with {'SSH_AUTH_SOCK': '/var/folders/s5/1f6r4kbj6v70f3dp96n8bm9r00056p/T/ssh-agent-UH1bVZ', 'SSH_AGENT_PID': '5533'} [server.py:92]
2016-01-05 15:12:19,426 DEBUG        waiting for connection on /var/folders/s5/1f6r4kbj6v70f3dp96n8bm9r00056p/T/ssh-agent-UH1bVZ          [server.py:55]
2016-01-05 15:12:19,429 DEBUG        subprocess 5543 is running                                                                           [server.py:99]
[detached (from session 0)]
 username@server > ~ >
Shared connection to server.example.com closed.
2016-01-05 15:13:50,986 DEBUG        subprocess 5543 exited: 0                                                                            [server.py:101]
2016-01-05 15:13:50,986 DEBUG        closing server                                                                                       [server.py:87]
2016-01-05 15:13:50,987 INFO         disconnected from Trezor                                                                             [client.py:41]
Traceback (most recent call last):
  File "/usr/local/bin/trezor-agent", line 11, in <module>
    sys.exit(trezor_agent())
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/__main__.py", line 129, in trezor_agent
    run_agent(trezor.Client)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/__main__.py", line 123, in run_agent
    use_shell=use_shell)
  File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/contextlib.py", line 24, in __exit__
    self.gen.next()
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/server.py", line 88, in serve
    server.shutdown(socket.SHUT_RD)
  File "/usr/local/Cellar/python/2.7.11/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 228, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 57] Socket is not connected
^C^C^C^C^C^C^Z
[1]  + 5533 suspended  trezor-agent -vvvvv -c [email protected]
 ✘ ⚙ username@workstation > ~ > kill %1
[1]  + 5533 terminated  trezor-agent -vvvvv -c [email protected]
 ⚙ username@workstation > ~ >

Create correct GPG subpackets (according to OpenPGP RFC)

https://tools.ietf.org/html/rfc4880#section-5.2.3.1

Following #30, this code should be changed as well.

Documenting GPG key creation time for backup

There's already an option to set it - but it's IMHO important to highlight in the documentation that users should write it down / assign a fixed value when creating the key as this part is not available on device, and would prevent from generating a key with the same ID when restoring.

It could also be part of a wider abstraction for devices offering a secure RTC.

Handle 'S PROGRESS need_entropy [...]' replies from gpg-agent

This happened during RSA signature:

gpg-connect-agent: no running gpg-agent - starting '/usr/local/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
2016-10-20 12:20:59,287 DEBUG        hashing 378 bytes                                                                                    [protocol.py:263]
2016-10-20 12:20:59,288 DEBUG        signing digest: 40E05004B3110CDF99841FBED5EA0A62E905F926C0FE240CED75E7A86FE52EDA                     [protocol.py:265]
2016-10-20 12:20:59,288 DEBUG        <- 'RESET'                                                                                           [keyring.py:41]
2016-10-20 12:20:59,288 DEBUG        -> 'OK Pleased to meet you, process 10335'                                                           [keyring.py:59]
2016-10-20 12:20:59,293 DEBUG        <- 'OPTION ttyname=/dev/pts/0'                                                                       [keyring.py:41]
2016-10-20 12:20:59,294 DEBUG        -> 'OK'                                                                                              [keyring.py:59]
2016-10-20 12:20:59,294 DEBUG        <- 'OPTION display=:0'                                                                               [keyring.py:41]
2016-10-20 12:20:59,294 DEBUG        -> 'OK'                                                                                              [keyring.py:59]
2016-10-20 12:20:59,294 DEBUG        <- 'SIGKEY 67DDBEE9C0D007C7E00F7C3C30EF3C09D0AA4E3B'                                                 [keyring.py:41]
2016-10-20 12:20:59,294 DEBUG        -> 'OK'                                                                                              [keyring.py:59]
2016-10-20 12:20:59,295 DEBUG        <- 'SETHASH 8 40E05004B3110CDF99841FBED5EA0A62E905F926C0FE240CED75E7A86FE52EDA'                      [keyring.py:41]
2016-10-20 12:20:59,295 DEBUG        -> 'OK'                                                                                              [keyring.py:59]
2016-10-20 12:20:59,295 DEBUG        <- 'SETKEYDESC Sign+a+new+TREZOR-based+subkey'                                                       [keyring.py:41]
2016-10-20 12:20:59,295 DEBUG        -> 'OK'                                                                                              [keyring.py:59]
2016-10-20 12:20:59,295 DEBUG        <- 'PKSIGN'                                                                                          [keyring.py:41]
2016-10-20 12:20:59,295 DEBUG        -> 'OK'                                                                                              [keyring.py:59]
2016-10-20 12:20:59,297 DEBUG        -> 'S PROGRESS need_entropy X 30 120'                                                                [keyring.py:59]
2016-10-20 12:20:59,298 DEBUG        unescaped: 'S PROGRESS need_entropy X 30 120'                                                        [keyring.py:163]
Traceback (most recent call last):
  File "/home/roman/.local/bin/trezor-gpg", line 11, in <module>
    load_entry_point('trezor-agent', 'console_scripts', 'trezor-gpg')()
  File "/media/oldhome/roman/Code/trezor/trezor-agent/trezor_agent/gpg/__main__.py", line 102, in main
    args.run(args)
  File "/media/oldhome/roman/Code/trezor/trezor-agent/trezor_agent/gpg/__main__.py", line 39, in run_create
    signer_func=conn.sign)
  File "/media/oldhome/roman/Code/trezor/trezor-agent/trezor_agent/gpg/encode.py", line 99, in create_subkey
    unhashed_subpackets=unhashed_subpackets)
  File "/media/oldhome/roman/Code/trezor/trezor-agent/trezor_agent/gpg/protocol.py", line 266, in make_signature
    params = signer_func(digest=digest)
  File "/media/oldhome/roman/Code/trezor/trezor-agent/trezor_agent/gpg/keyring.py", line 222, in sign
    return sign_digest(sock=sock, keygrip=keygrip, digest=digest)
  File "/media/oldhome/roman/Code/trezor/trezor-agent/trezor_agent/gpg/keyring.py", line 166, in sign_digest
    raise ValueError(prefix)
ValueError: S

Use `--agent-program` at `gpg.conf` (to launch `trezor-gpg agent`)

Instead of launching manually it via gpg-shell.

GPG pip install fail

$ pip install --user git+https://github.com/romanz/trezor-agent.git@gpg-agent
Collecting git+https://github.com/romanz/trezor-agent.git@gpg-agent
  Cloning https://github.com/romanz/trezor-agent.git (to gpg-agent) to /tmp/pip-MLFnJN-build
  Could not find a tag or branch 'gpg-agent', assuming commit.
error: pathspec 'gpg-agent' did not match any file(s) known to git.
Command "git checkout -q gpg-agent" failed with error code 1 in /tmp/pip-MLFnJN-build

Indeed, there's no gpg-agent branch to be found on github? Seems it's merged and instructions not updated?

Unsupported key type 10 when trying to connect

When I'm trying to connect over ssh with the trezor-agent I receive the following error:

2016-05-06 11:42:40,485 INFO running ['ssh', '-l', 'pi', 'pi.local'] with {'SSH_AUTH_SOCK': '/var/folders/4x/l00r0qqx6gd8r50218rkf0kc0000gn/T/ssh-agent-eNZO50', 'SSH_AGENT_PID': '14598'} [server.py:140]
key_from_blob: remaining bytes in key blob 81
key_to_blob: unsupported key type 10

The actions I took for getting this to work:
trezor-agent [email protected] (+ adding theecdsa-sha2-nistp256 public key to authorized_keys file of remote server)
trezor-agent -v [email protected] --connect --debug

I tried this with multiple server and got the same error, this leads me to think the problem is not at the server side.

Trezor firmware: 1.3.5
ssh -V (on server/raspberry pi): OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
Laptop running trezor-agent: OSX 10.10.5

[Question] What’s the correct workflow to use?

Hi!

I’m just trying to use my TREZOR as a SSH agent and I find it really difficult to actually use it for this. Everytime I’m using trezor-agent or trezor-git it asks me for my PIN and then to confirm the use on the TREZOR. So how is it usable on a day-to-day basis?
What am I missing here?

Thanks :)

cannot open more than one session

I found your explanation how to use multiple sessions with a sub shell.

https://asciinema.org/a/33240

For me this does not work. First of all I have to export SSH_AUTH_SOCK and SSH_AGENT_PID before I can do "ssh-add -L".

After I have done this I can ssh a host from this window or open another Gnome terminal and ssh from there.

But: once one connection is opened I cannot open a second one.

Logfile from ssh: ssh.txt

Add better unit tests and refactor GPG public key decoding

Add multiple test vectors for testing various public key algorithms, packet and signature types.

GPG 2.1.13 signature fails to find the private key on TREZOR

Reported by @fansari at #22:

The setup of the gpg key works. But then the first test fails.

$TREZOR_GPG_USER_ID is set and "trezor-gpg agent" was started.

[fansari@bat ~]$ echo "Hello World!" | gpg2 --sign
gpg: no default secret key: No secret key
gpg: signing failed: No secret key

In case you need this information:

[fansari@bat ~]$ gpg2 --export | gpg2 --list-packets
# off=0 ctb=98 tag=6 hlen=2 plen=82
:public key packet:
    version 4, algo 19, created 1472909905, expires 0
    pkey[0]: [72 bits] nistp256 (1.2.840.10045.3.1.7)
    pkey[1]: [515 bits]
    keyid: 754A6607A3732797
# off=84 ctb=b4 tag=13 hlen=2 plen=35
:user ID packet: "Frank Ansari <[email protected]>"
# off=121 ctb=88 tag=2 hlen=2 plen=121
:signature packet: algo 19, keyid 754A6607A3732797
    version 4, created 1472909905, md5len 0, sigclass 0x13
    digest algo 8, begin of digest 2c 29
    hashed subpkt 2 len 4 (sig created 2016-09-03)
    hashed subpkt 11 len 1 (pref-sym-algos: 9)
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 21 len 1 (pref-hash-algos: 8)
    hashed subpkt 22 len 1 (pref-zip-algos: 0)
    hashed subpkt 23 len 1 (keyserver preferences: 80)
    subpkt 16 len 8 (issuer key ID 754A6607A3732797)
    subpkt 100 len 10 (experimental / private subpacket)
    data: [256 bits]
    data: [255 bits]
# off=244 ctb=b8 tag=14 hlen=2 plen=86
:public sub key packet:
    version 4, algo 18, created 1472909905, expires 0
    pkey[0]: [72 bits] nistp256 (1.2.840.10045.3.1.7)
    pkey[1]: [515 bits]
    pkey[2]: [32 bits]
    keyid: A9B2340367880C94
# off=332 ctb=88 tag=2 hlen=2 plen=109
:signature packet: algo 19, keyid 754A6607A3732797
    version 4, created 1472909905, md5len 0, sigclass 0x18
    digest algo 8, begin of digest 95 12
    hashed subpkt 2 len 4 (sig created 2016-09-03)
    hashed subpkt 27 len 1 (key flags: 0C)
    subpkt 16 len 8 (issuer key ID 754A6607A3732797)
    subpkt 100 len 10 (experimental / private subpacket)
    data: [256 bits]
    data: [252 bits

GPG subkey creation fails

$ trezor-gpg create --subkey | gpg2 --import
2016-08-25 12:23:42,814 WARNING    RSA signatures are not verified
2016-08-25 12:23:42,819 WARNING    RSA signatures are not verified
2016-08-25 12:23:42,820 WARNING    public key D9200E6CD1ADB8F1 is not verified!
2016-08-25 12:23:42,820 INFO       adding subkey to primary GPG key "Rusty Russell <[email protected]>"
2016-08-25 12:23:42,820 INFO       confirm signing with new subkey
2016-08-25 12:24:58,487 INFO       confirm signing with primary key
gpg: checking the trustdb
gpg: keyring_search failed: Legacy key
gpg: failed to rebuild keyring cache: Legacy key
gpg: marginals needed: 3  completes needed: 1  trust model: PGP
gpg: depth: 0  valid:   1  signed:  33  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  33  signed:  10  trust: 33-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2017-10-04
Traceback (most recent call last):
  File "/home/rusty/.local/bin/trezor-gpg", line 11, in <module>
    load_entry_point('trezor-agent==0.6.5', 'console_scripts', 'trezor-gpg')()
  File "/home/rusty/.local/lib/python2.7/site-packages/trezor_agent/gpg/__main__.py", line 92, in main
    args.run(args)
  File "/home/rusty/.local/lib/python2.7/site-packages/trezor_agent/gpg/__main__.py", line 39, in run_create
    signer_func=conn.sign)
  File "/home/rusty/.local/lib/python2.7/site-packages/trezor_agent/gpg/encode.py", line 164, in create_subkey
    signer_func = AgentSigner(primary['user_id']).sign
  File "/home/rusty/.local/lib/python2.7/site-packages/trezor_agent/gpg/encode.py", line 65, in __init__
    self.keygrip = keyring.get_keygrip(user_id)
  File "/home/rusty/.local/lib/python2.7/site-packages/trezor_agent/gpg/keyring.py", line 186, in get_keygrip
    output = sp.check_output(args).decode('ascii')
  File "/usr/lib/python2.7/subprocess.py", line 574, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['gpg2', '--list-keys', '--with-keygrip', 'Rusty Russell <[email protected]>']' returned non-zero exit status 2
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

wish: use trezor as hardware gpg agent

is this on the roadmap?

it would be totally awesome?

would anything be required from libgpg?

side note: as with the bitcoin keys, everything is recoverable if you have passphrase... right?

this would compete with (trapped forever in dev mode?)

http://trilema.com/2013/snsa-first-product-the-cardano/

Ideally, the trezor would never leak keys, even on a compromised computer. Actually I don't know if that's possible with the computing power on trezor. I guess signing hashes should be fine, but I don't kow if there is enough power there to encrypt/decrypt. Even just signatures would be great though, and it would be great advertisement for trezor.

In practice, I think authentication matters more than secrecy these days. (Look at what happened with bitpay heist because they weren't signing their emails.)

Error with ./scripts/gpg-init on OS X

Latest version of trezor-agent gpg-init script will not run on osx due to differences in sed options.

Need to change FINGERPRINT line from:

FINGERPRINT=$(gpg2 --homedir "${HOMEDIR}" --list-public-keys --with-colons | sed --quiet --regexp-extended 's/^fpr:::::::::([0-9A-F]+):$/\1/p' | head -n1)

To:

FINGERPRINT=$(gpg2 --homedir "${HOMEDIR}" --list-public-keys --with-colons | sed -n -E 's/^fpr:::::::::([0-9A-F]+):$/\1/p' | head -n1)

Hope this can help someone else :). Thanks for the trezor-agent Roman.

gpg encryption fails with Curve25519

gpg encryption seems to fail because compressed keys are not handled for that scheme. It could be interesting to test with non compressed keys, I didn't try that yet.

Cannot start trezor-agent anymore

Hi,

when I install the latest version and run it I get this error message:

fansari@bat trezor-agent]$ trezor-agent -c magpie
Traceback (most recent call last):
  File "/usr/bin/trezor-agent", line 11, in <module>
    load_entry_point('trezor-agent==0.7.5', 'console_scripts', 'trezor-agent')()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 564, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2608, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2268, in load
    return self.resolve()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2274, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "build/bdist.linux-x86_64/egg/trezor_agent/__main__.py", line 10, in <module>
ImportError: cannot import name device

Support ElGamal and DSA keys in trezor-gpg

My existing public key uses ElGamal and DSA keys. Currently trezor-gpg fails when parsing these keys. I have a quick'n dirty patch here:

jhoenicke@9229ad2

Note that I disabled signature checking, as I was too lazy to implement it for DSA. Do you plan to support all gpg verify operations, or do you think it makes more sense to just skip unknown public keys without parsing them and checking their signatures? Note also that this commit is signed by my Trezor 👍 using a new subkey in my existing gpg key.

Fails on Mac OS X

I tried it with both Trezor and KeepKey, same result. Here's the output:

bash-3.2$ trezor-agent [email protected] -c -vv
2016-01-15 15:32:13,049 DEBUG        connected to KeepKey 71A98D347CD0892AFEC4501E                                                        [factory.py:26]
2016-01-15 15:32:13,049 DEBUG        label    : empty                                                                                     [factory.py:27]
2016-01-15 15:32:13,049 DEBUG        vendor   : keepkey.com                                                                               [factory.py:28]
2016-01-15 15:32:13,049 DEBUG        version  : 1.0.4                                                                                     [factory.py:32]
2016-01-15 15:32:13,049 DEBUG        revision : 0c1cae8edc16ff2241aefd659d113cc0d6b65b10                                                  [factory.py:33]
2016-01-15 15:32:13,051 DEBUG        parsed identity: {'path': None, 'host': '192.168.1.126', 'proto': None, 'port': None, 'user': 'kenheut'} [client.py:88]
2016-01-15 15:32:13,052 INFO         getting "ssh://[email protected]" public key (nist256p1) from KeepKey...                         [client.py:41]
2016-01-15 15:32:13,052 DEBUG        address string: '\x00\x00\x00\x00ssh://[email protected]'                                        [client.py:110]
Use the numeric keypad to describe number positions. The layout is:
    7 8 9
    4 5 6
    1 2 3
Please enter current PIN: 

2016-01-15 15:32:17,627 DEBUG        fingerprint: 30:76:db:4c:32:67:16:3d:2f:c7:92:48:5a:f6:d4:c0                                         [formats.py:142]
2016-01-15 15:32:17,627 DEBUG        parsed identity: {'path': None, 'host': '192.168.1.126', 'proto': None, 'port': None, 'user': 'kenheut'} [client.py:88]
2016-01-15 15:32:17,627 DEBUG        SSH connect: ['ssh', '-l', 'kenheut', '192.168.1.126']                                               [__main__.py:107]
2016-01-15 15:32:17,629 DEBUG        loading SSH public key: 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN7zpDDG5rZ3+yuhw68f60SDVEyReMZr+3hRnEUkKlTCtD504vhmns1dU7qE6TURc1ZnNEOhpyWbfrKQeePu5U0= ssh://[email protected]\n' [formats.py:149]
2016-01-15 15:32:17,630 DEBUG        key type: ecdsa-sha2-nistp256                                                                        [formats.py:38]
2016-01-15 15:32:17,630 DEBUG        curve name: nistp256                                                                                 [formats.py:45]
2016-01-15 15:32:17,630 DEBUG        loaded ecdsa-sha2-nistp256 public key: 30:76:db:4c:32:67:16:3d:2f:c7:92:48:5a:f6:d4:c0               [formats.py:155]
2016-01-15 15:32:17,630 DEBUG        serving on SSH_AUTH_SOCK=/var/folders/nq/1lv_2c391pqd8xl0kyj8qk5h0000gn/T/ssh-agent-nb7Rof           [server.py:26]
2016-01-15 15:32:17,630 DEBUG        server thread started                                                                                [server.py:62]
2016-01-15 15:32:17,630 INFO         running ['ssh', '-l', 'kenheut', '192.168.1.126'] with {'SSH_AUTH_SOCK': '/var/folders/nq/1lv_2c391pqd8xl0kyj8qk5h0000gn/T/ssh-agent-nb7Rof', 'SSH_AGENT_PID': '44920'} [server.py:109]
2016-01-15 15:32:17,630 DEBUG        waiting for connection on /var/folders/nq/1lv_2c391pqd8xl0kyj8qk5h0000gn/T/ssh-agent-nb7Rof          [server.py:69]
2016-01-15 15:32:17,634 DEBUG        subprocess 44923 is running                                                                          [server.py:116]
2016-01-15 15:32:17,699 DEBUG        welcome agent                                                                                        [server.py:40]
2016-01-15 15:32:17,699 DEBUG        request: 1 bytes                                                                                     [protocol.py:43]
2016-01-15 15:32:17,699 DEBUG        calling list_pubs()                                                                                  [protocol.py:47]
2016-01-15 15:32:17,699 DEBUG        available keys: ['ssh://[email protected]']                                                      [protocol.py:66]
2016-01-15 15:32:17,699 DEBUG         1) 30:76:db:4c:32:67:16:3d:2f:c7:92:48:5a:f6:d4:c0                                                  [protocol.py:68]
2016-01-15 15:32:17,699 DEBUG        reply: 148 bytes                                                                                     [protocol.py:49]
2016-01-15 15:32:17,700 WARNING      error: [Errno 35] Resource temporarily unavailable                                                   [server.py:48]
Traceback (most recent call last):
  File "build/bdist.macosx-10.10-x86_64/egg/trezor_agent/server.py", line 42, in handle_connection
    msg = util.read_frame(conn)
  File "build/bdist.macosx-10.10-x86_64/egg/trezor_agent/util.py", line 37, in read_frame
    size, = recv(conn, '>L')
  File "build/bdist.macosx-10.10-x86_64/egg/trezor_agent/util.py", line 24, in recv
    buf = _read(size)
error: [Errno 35] Resource temporarily unavailable
2016-01-15 15:32:17,700 DEBUG        waiting for connection on /var/folders/nq/1lv_2c391pqd8xl0kyj8qk5h0000gn/T/ssh-agent-nb7Rof          [server.py:69]
[email protected]'s password: 
2016-01-15 15:32:20,880 DEBUG        closing server                                                                                       [server.py:104]
2016-01-15 15:32:20,880 INFO         server stopped                                                                                       [__main__.py:123]
2016-01-15 15:32:20,880 INFO         disconnected from KeepKey                                                                            [client.py:28]
2016-01-15 15:32:20,921 DEBUG        server stopped                                                                                       [server.py:73]
2016-01-15 15:32:20,921 DEBUG        server thread stopped                                                                                [server.py:77]

MacPro installation fails to create `trezor-*` utilities

Hi, on my MacBook Air I installed trezor-agent probably a month ago via pip install from the this git repository. That gave me the following tools:

/usr/local/bin/trezor-agent
/usr/local/bin/trezor-gpg
/usr/local/bin/trezor-git

On my MacPro however this wont work anymore. There are no tools installed.
What is the proper way to install the agent at the moment?

Also the trezorctl command is no longer availlable.

Best regards
Roland

Exception: Unexpected magic characters

Hi,
My Setup is: OS X 10.11.5, trezor (0.7.4), trezor-agent (0.7.2), Trezor Firmware 1.4.0

When I use trezor-gpg -v agent, I sometimes get this error:

[roland@Turtle:~] % clear;export TREZOR_GPG_USER_ID="Roland Planitz <[email protected]>"; trezor-gpg -v agent

2016-10-17 10:50:13,493 WARNING    This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility!
2016-10-17 10:50:13,512 DEBUG      serving on SSH_AUTH_SOCK=/Users/roland/.gnupg/S.gpg-agent
2016-10-17 10:50:13,513 DEBUG      waiting for connection on /Users/roland/.gnupg/S.gpg-agent
2016-10-17 10:50:35,369 DEBUG      accepted connection on /Users/roland/.gnupg/S.gpg-agent
2016-10-17 10:50:35,389 DEBUG      <- 'OK'
2016-10-17 10:50:35,390 DEBUG      -> 'RESET'
2016-10-17 10:50:35,390 DEBUG      <- 'OK'
2016-10-17 10:50:35,390 DEBUG      -> 'OPTION ttytype=xterm'
2016-10-17 10:50:35,390 DEBUG      <- 'OK'
2016-10-17 10:50:35,399 DEBUG      -> 'GETINFO version'
2016-10-17 10:50:35,399 DEBUG      <- 'D 2.1.15'
2016-10-17 10:50:35,399 DEBUG      <- 'OK'
2016-10-17 10:50:35,400 DEBUG      -> 'OPTION allow-pinentry-notify'
2016-10-17 10:50:35,400 DEBUG      <- 'OK'
2016-10-17 10:50:35,400 DEBUG      -> 'OPTION agent-awareness=2.1.0'
2016-10-17 10:50:35,400 DEBUG      <- 'OK'
2016-10-17 10:50:35,400 DEBUG      -> 'AGENT_ID'
2016-10-17 10:50:35,401 DEBUG      <- 'D TREZOR'
2016-10-17 10:50:35,401 DEBUG      <- 'OK'
2016-10-17 10:50:35,404 DEBUG      -> 'HAVEKEY E8AAD7A22972124DB68075FD64F070D221C2FD67 D7A218E5A497B42CEF3BC9C0F33BE9C1BA4AC619'
2016-10-17 10:50:35,405 DEBUG      <- 'OK'
2016-10-17 10:50:35,409 DEBUG      -> 'RESET'
2016-10-17 10:50:35,409 DEBUG      <- 'OK'
2016-10-17 10:50:35,410 DEBUG      -> 'SIGKEY E8AAD7A22972124DB68075FD64F070D221C2FD67'
2016-10-17 10:50:35,410 DEBUG      <- 'OK'
2016-10-17 10:50:35,411 DEBUG      -> 'SETKEYDESC Please+enter+the+passphrase+to+unlock+the+OpenPGP+secret+key:%0A%22Roland+Planitz+<[email protected]>%22%0A256-bit+ECDSA+key,+ID+44F2BB535E654B16,%0Acreated+2016-10-16.%0A'
2016-10-17 10:50:35,411 DEBUG      <- 'OK'
2016-10-17 10:50:35,412 DEBUG      -> 'SETHASH 8 BF6017085070F17056E65334AAEA5FFF141CF21A69C4FB66CD45E11480618851'
2016-10-17 10:50:35,412 DEBUG      <- 'OK'
2016-10-17 10:50:35,412 DEBUG      -> 'PKSIGN'
2016-10-17 10:50:35,424 DEBUG      prefix byte: 0b10011000
2016-10-17 10:50:35,425 DEBUG      packet length: 82
2016-10-17 10:50:35,425 DEBUG      parsing elliptic curve key
2016-10-17 10:50:35,426 DEBUG      mpi: 4449154ddcc2460afd028cfb0224aff70342becb57f21698b042c423d0ffe8a1d74036d5ad0ad6a6d936ae2229063f440c79953a44f6eb420c76708f2839dcacd (515 bits)
2016-10-17 10:50:35,504 DEBUG      key ID: 51F3833053F2E698
2016-10-17 10:50:35,504 DEBUG      packet "pubkey": {'created': 1476651084, 'verifying_key': <ecdsa.keys.VerifyingKey instance at 0x1053a7cf8>, 'tag': 6, 'curve_oid': '*\x86H\xce=\x03\x01\x07', 'verifier': <function _nist256p1_verify at 0x1053bb0c8>, 'version': 4, 'algo': 19, 'key_id': 'Q\xf3\x830S\xf2\xe6\x98', 'type': 'pubkey', '_to_hash': '\x99\x00R\x04X\x03\xe8L\x13\x08*\x86H\xce=\x03\x01\x07\x02\x03\x04D\x91T\xdd\xcc$`\xaf\xd0(\xcf\xb0"J\xffp4+\xec\xb5\x7f!i\x8b\x04,B=\x0f\xfe\x8a\x1dt\x03mZ\xd0\xadjm\x93j\xe2"\x90c\xf4@\xc7\x99S\xa4On\xb4 \xc7g\x08\xf2\x83\x9d\xca\xcd'}
2016-10-17 10:50:35,504 DEBUG      prefix byte: 0b10110100
2016-10-17 10:50:35,504 DEBUG      packet length: 34
2016-10-17 10:50:35,505 DEBUG      packet "user_id": {'tag': 13, 'type': 'user_id', 'value': 'Roland Planitz <[email protected]>', '_to_hash': '\xb4\x00\x00\x00"Roland Planitz <[email protected]>'}
2016-10-17 10:50:35,505 DEBUG      prefix byte: 0b10001000
2016-10-17 10:50:35,505 DEBUG      packet length: 121
2016-10-17 10:50:35,505 DEBUG      packet "signature": {'hash_prefix': 'lS', 'hashed_subpackets': ['\x02X\x03\xe8L', '\x0b\t', '\x1b\x03', '\x15\x08', '\x16\x00', '\x17\x80'], 'pubkey_alg': 19, '_is_custom': True, 'hash_alg': 8, 'tag': 2, 'sig_type': 19, 'version': 4, 'sig': (102528692007018662478410427344616484795132055260561832797479366964600507666647L, 57719256278049600832974411777041248160917410385421014829423897735370847269749L), 'unhashed_subpackets': ['\x10Q\xf3\x830S\xf2\xe6\x98', 'dTREZOR-GPG'], 'type': 'signature', '_to_hash': '\x04\x13\x13\x08\x00\x15\x05\x02X\x03\xe8L\x02\x0b\t\x02\x1b\x03\x02\x15\x08\x02\x16\x00\x02\x17\x80\x04\xff\x00\x00\x00\x1b'}
2016-10-17 10:50:35,506 DEBUG      prefix byte: 0b10111000
2016-10-17 10:50:35,506 DEBUG      packet length: 86
2016-10-17 10:50:35,506 DEBUG      parsing elliptic curve key
2016-10-17 10:50:35,507 DEBUG      mpi: 408933d7028f6ad2e099f00f84c52aabfee1d5ccd6fbd051d44f057a1d6263d4188ca607f310410116a21afbd83d2e73b4f97e40d178d0904097777c846997825 (515 bits)
2016-10-17 10:50:35,575 DEBUG      key ID: 6DACEBD50DF117C4
2016-10-17 10:50:35,575 DEBUG      packet "subkey": {'created': 1476651084, 'verifying_key': <ecdsa.keys.VerifyingKey instance at 0x1053a7d40>, 'kdf': '\x01\x08\x07', 'tag': 14, 'curve_oid': '*\x86H\xce=\x03\x01\x07', 'verifier': <function _nist256p1_verify at 0x1049a9b18>, 'version': 4, 'algo': 18, 'key_id': 'm\xac\xeb\xd5\r\xf1\x17\xc4', 'type': 'subkey', '_to_hash': '\x99\x00V\x04X\x03\xe8L\x12\x08*\x86H\xce=\x03\x01\x07\x02\x03\x04\x08\x93=p(\xf6\xad.\t\x9f\x00\xf8LR\xaa\xbf\xee\x1d\\\xcdo\xbd\x05\x1dD\xf0W\xa1\xd6&=A\x88\xca`\x7f1\x04\x10\x11j!\xaf\xbd\x83\xd2\xe7;O\x97\xe4\r\x17\x8d\t\x04\tww\xc8F\x99x%\x03\x01\x08\x07'}
2016-10-17 10:50:35,575 DEBUG      prefix byte: 0b10001000
2016-10-17 10:50:35,575 DEBUG      packet length: 109
2016-10-17 10:50:35,576 DEBUG      packet "signature": {'hash_prefix': '\x7f\xac', 'hashed_subpackets': ['\x02X\x03\xe8L', '\x1b\x0c'], 'pubkey_alg': 19, '_is_custom': True, 'hash_alg': 8, 'tag': 2, 'sig_type': 24, 'version': 4, 'sig': (51411217383221898020449732713403463792152212539112153765469687666398206976286L, 52574456261918540967165567050963813670579719393906417307543590784493354206261L), 'unhashed_subpackets': ['\x10Q\xf3\x830S\xf2\xe6\x98', 'dTREZOR-GPG'], 'type': 'signature', '_to_hash': '\x04\x18\x13\x08\x00\t\x05\x02X\x03\xe8L\x02\x1b\x0c\x04\xff\x00\x00\x00\x0f'}
2016-10-17 10:50:35,576 DEBUG      loaded public key "Roland Planitz <[email protected]>"
2016-10-17 10:50:35,822 DEBUG      nist256p1 ECDSA signature is OK (True)
2016-10-17 10:50:35,822 DEBUG      GPG public key is OK
2016-10-17 10:50:35,822 DEBUG      found custom pubkey
2016-10-17 10:50:35,822 DEBUG      pubkey_dict: {'user_id': 'Roland Planitz <[email protected]>', '_is_custom': True, 'created': 1476651084, 'verifying_key': <ecdsa.keys.VerifyingKey instance at 0x1053a7cf8>, 'tag': 6, 'curve_oid': '*\x86H\xce=\x03\x01\x07', 'verifier': <function _nist256p1_verify at 0x1053bb0c8>, 'version': 4, 'algo': 19, 'key_id': 'Q\xf3\x830S\xf2\xe6\x98', 'type': 'pubkey', '_to_hash': '\x99\x00R\x04X\x03\xe8L\x13\x08*\x86H\xce=\x03\x01\x07\x02\x03\x04D\x91T\xdd\xcc$`\xaf\xd0(\xcf\xb0"J\xffp4+\xec\xb5\x7f!i\x8b\x04,B=\x0f\xfe\x8a\x1dt\x03mZ\xd0\xadjm\x93j\xe2"\x90c\xf4@\xc7\x99S\xa4On\xb4 \xc7g\x08\xf2\x83\x9d\xca\xcd'}
Traceback (most recent call last):
  File "/usr/local/bin/trezor-gpg", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/__main__.py", line 95, in main
    args.run(args)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/__main__.py", line 69, in run_agent
    agent.handle_connection(conn)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/agent.py", line 121, in handle_connection
    sig = pksign(keygrip, digest, algo)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/agent.py", line 47, in pksign
    pubkey, conn = encode.load_from_public_key(pubkey_dict=pubkey_dict)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/encode.py", line 119, in load_from_public_key
    conn = device.HardwareSigner(user_id, curve_name=curve_name)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/gpg/device.py", line 11, in __init__
    self.client_wrapper = factory.load()
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/factory.py", line 248, in load
    device_list.extend(device)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/factory.py", line 27, in _load_client
    connection = client_type(hid_transport(d))
  File "/usr/local/lib/python2.7/site-packages/trezorlib/client.py", line 361, in __init__
    self.init_device()
  File "/usr/local/lib/python2.7/site-packages/trezorlib/client.py", line 368, in init_device
    self.features = expect(proto.Features)(self.call)(proto.Initialize())
  File "/usr/local/lib/python2.7/site-packages/trezorlib/client.py", line 85, in wrapped_f
    ret = f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/trezorlib/client.py", line 98, in wrapped_f
    return f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/trezorlib/client.py", line 134, in call
    resp = self.call_raw(msg)
  File "/usr/local/lib/python2.7/site-packages/trezorlib/client.py", line 98, in wrapped_f
    return f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/trezorlib/client.py", line 130, in call_raw
    return self.transport.read_blocking()
  File "/usr/local/lib/python2.7/site-packages/trezorlib/transport.py", line 68, in read_blocking
    data = self._read()
  File "/usr/local/lib/python2.7/site-packages/trezorlib/transport.py", line 128, in _read
    (msg_type, datalen, data) = self.parse_first(chunk)
  File "/usr/local/lib/python2.7/site-packages/trezorlib/transport.py", line 140, in parse_first
    raise Exception("Unexpected magic characters")
Exception: Unexpected magic characters

[roland@Turtle:~] % gpg2 -k --with-keygrip github
pub   nistp256 2016-10-16 [SC]
      7E9266BFAA9BE177D92DDAFB51F3833053F2E698
      Keygrip = DAB26946E82099931400D154BB197035B5324F5C
uid           [ultimate] Roland Planitz <[email protected]>
sub   nistp256 2016-10-16 [E]
      Keygrip = C3A0AB22ECBD28F010F44DB387892A2C4A586AD6

[roland@Turtle:~] % gpg2 --export github | gpg2 --list-packets 
# off=0 ctb=98 tag=6 hlen=2 plen=82
:public key packet:
    version 4, algo 19, created 1476651084, expires 0
    pkey[0]: [72 bits] nistp256 (1.2.840.10045.3.1.7)
    pkey[1]: [515 bits]
    keyid: 51F3833053F2E698
# off=84 ctb=b4 tag=13 hlen=2 plen=34
:user ID packet: "Roland Planitz <[email protected]>"
# off=120 ctb=88 tag=2 hlen=2 plen=121
:signature packet: algo 19, keyid 51F3833053F2E698
    version 4, created 1476651084, md5len 0, sigclass 0x13
    digest algo 8, begin of digest 6c 53
    hashed subpkt 2 len 4 (sig created 2016-10-16)
    hashed subpkt 11 len 1 (pref-sym-algos: 9)
    hashed subpkt 27 len 1 (key flags: 03)
    hashed subpkt 21 len 1 (pref-hash-algos: 8)
    hashed subpkt 22 len 1 (pref-zip-algos: 0)
    hashed subpkt 23 len 1 (keyserver preferences: 80)
    subpkt 16 len 8 (issuer key ID 51F3833053F2E698)
    subpkt 100 len 10 (experimental / private subpacket)
    data: [256 bits]
    data: [255 bits]
# off=243 ctb=b8 tag=14 hlen=2 plen=86
:public sub key packet:
    version 4, algo 18, created 1476651084, expires 0
    pkey[0]: [72 bits] nistp256 (1.2.840.10045.3.1.7)
    pkey[1]: [515 bits]
    pkey[2]: [32 bits]
    keyid: 6DACEBD50DF117C4
# off=331 ctb=88 tag=2 hlen=2 plen=109
:signature packet: algo 19, keyid 51F3833053F2E698
    version 4, created 1476651084, md5len 0, sigclass 0x18
    digest algo 8, begin of digest 7f ac
    hashed subpkt 2 len 4 (sig created 2016-10-16)
    hashed subpkt 27 len 1 (key flags: 0C)
    subpkt 16 len 8 (issuer key ID 51F3833053F2E698)
    subpkt 100 len 10 (experimental / private subpacket)
    data: [255 bits]
    data: [255 bits]

Hope that helps

Best regards
Roland

Not working with Ledger Nano S

Using Ledger Nano S with firmware 1.2 on OSX 10.12

When i try and run trezor-agent me@localhost, i get the following error:

Traceback (most recent call last):
  File "/usr/local/bin/trezor-agent", line 11, in <module>
    sys.exit(run_agent())
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/__main__.py", line 115, in wrapper
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/__main__.py", line 132, in run_agent
    public_key = conn.get_public_key(label=label)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/client.py", line 53, in get_public_key
    ecdsa_curve_name=self.curve)
  File "/usr/local/lib/python2.7/site-packages/trezor_agent/factory.py", line 131, in get_public_node
    result = bytearray(self.dongle.exchange(bytes(apdu)))[1:]
  File "/usr/local/lib/python2.7/site-packages/ledgerblue/comm.py", line 128, in exchange
    raise CommException("Invalid status %04x" % sw, sw, response)
ledgerblue.commException.CommException: Exception : Invalid status 6e00

Device is plugged in and unlocked with pin, logged the same issue with ledger directly, here is the link:

LedgerHQ/app-ssh-agent#2

Poor Python 3 support

The tests are passing for Py3 although when I run trezor-gpg agent I get this:

Traceback (most recent call last):
  File "/home/minder/.virtualenvs/trezor/bin/trezor-gpg", line 11, in <module>
    load_entry_point('trezor-agent==0.7.0', 'console_scripts', 'trezor-gpg')()
  File "/home/minder/.virtualenvs/trezor/lib/python3.5/site-packages/trezor_agent/gpg/__main__.py", line 95, in main
    args.run(args)
  File "/home/minder/.virtualenvs/trezor/lib/python3.5/site-packages/trezor_agent/gpg/__main__.py", line 65, in run_agent
    sock_path = keyring.get_agent_sock_path()
  File "/home/minder/.virtualenvs/trezor/lib/python3.5/site-packages/trezor_agent/gpg/keyring.py", line 18, in get_agent_sock_path
    lines = sp.check_output(['gpgconf', '--list-dirs']).strip().split('\n')
TypeError: a bytes-like object is required, not 'str'

Nevertheless I'm working on a solution 😄

[ledger] GPG Issues

GPG version is 2.1.12

I created a key successfully, but when I try to use my secret key, it complains and the agent dies, with nothing showing up on my Ledger Nano S screen. Let me know what else you may need to diagnose this.

$ echo "Hello World!" | gpg2 --sign | gpg2 --verify
gpg: using "EA6311CA" as default secret key for signing (this appears to be the correct key)
gpg: signing failed: End of file
Traceback (most recent call last):
File "/usr/local/bin/trezor-gpg", line 9, in
gpg: signing failed: End of file
load_entry_point('trezor-agent==0.6.5', 'console_scripts', 'trezor-gpg')()
File "build/bdist.linux-x86_64/egg/trezor_agent/gpg/main.py", line 90, in main
File "build/bdist.linux-x86_64/egg/trezor_agent/gpg/main.py", line 66, in run_agent
File "build/bdist.linux-x86_64/egg/trezor_agent/gpg/agent.py", line 125, in handle_connection
File "build/bdist.linux-x86_64/egg/trezor_agent/gpg/agent.py", line 42, in pksign
AssertionError
gpg: no signature found
gpg: uncompressing failed: No data
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
$
[1]+ Exit 1 trezor-gpg agent

romanz / trezor-agent Goto Github PK

trezor-agent's Introduction

Hardware-based SSH/GPG/age agent

Components

Documentation

trezor-agent's People

Contributors

Stargazers

Watchers

Forkers

trezor-agent's Issues

Recommend Projects

Recommend Topics

Recommend Org