Add support for the Blockstream Jade hww

Supports ssh and gpg, incl. ecdh/decryption.
Initially only supports curve 'nist256p1'.

doc/DESIGN.md

@@ -6,7 +6,7 @@ SSH and GPG do this by means of a simple interprocess communication protocol (us
 
 These two agents make the connection between the front end (e.g. a `gpg --sign` command, or an `ssh user@fqdn`). And then they wait for a request from the 'front end', and then do the actual asking for a password and subsequent using the private key to sign or decrypt something.
 
-The various hardware wallets (Trezor, KeepKey and Ledger) each have the ability (as of Firmware 1.3.4) to use the NIST P-256 elliptic curve to sign, encrypt or decrypt. This curve can be used with S/MIME, GPG and SSH.
+The various hardware wallets (Trezor, KeepKey, Ledger and Jade) each have the ability (as of Firmware 1.3.4) to use the NIST P-256 elliptic curve to sign, encrypt or decrypt. This curve can be used with S/MIME, GPG and SSH.
 
 So when you `ssh` to a machine - rather than consult the normal ssh-agent (which in turn will use your private SSH key in files such as `~/.ssh/id_rsa`) -- the trezor-agent will aks your hardware wallet to use its private key to sign the challenge.
 

doc/INSTALL.md

@@ -152,7 +152,31 @@ Then, install the latest [keepkey_agent](https://pypi.python.org/pypi/keepkey_ag
     $ pip3 install --user -e trezor-agent/agents/onlykey
     ```
 
-# 6. Installation Troubleshooting
+# 6. Install the Blockstream Jade agent
+
+1. Make sure you are running the latest firmware version on your Blockstream Jade:
+
+ * [Jade firmware releases](https://github.com/Blockstream/Jade/blob/master/CHANGELOG.md): `0.1.33+`
+
+2. Make sure that your `udev` rules are configured [correctly](https://github.com/bitcoin-core/HWI/blob/master/hwilib/udev/55-usb-jade.rules).
+
+3. If necessary, ensure the user is added to the [`dialout` group](https://help.blockstream.com/hc/en-us/articles/900005443223-My-Blockstream-Jade-is-not-recognized-by-my-computer)
+
+4. Then, install the latest [jade-agent](https://pypi.python.org/pypi/jade-agent) package:
+
+    ```
+    $ pip3 install jade-agent
+    ```
+
+    Or, directly from the latest source code:
+
+    ```
+    $ git clone https://github.com/romanz/trezor-agent
+    $ pip3 install --user -e trezor-agent
+    $ pip3 install --user -e trezor-agent/agents/jade
+    ```
+
+# 7. Installation Troubleshooting
 
 If there is an import problem with the installed `protobuf` package,
 see [this issue](https://github.com/romanz/trezor-agent/issues/28) for fixing it.

doc/README-GPG.md

@@ -5,7 +5,7 @@ and please let me [know](https://github.com/romanz/trezor-agent/issues/new) if s
 work well for you. If possible:
 
  * record the session (e.g. using [asciinema](https://asciinema.org))
- * attach the GPG agent log from `~/.gnupg/{trezor,ledger}/gpg-agent.log` (can be [encrypted](https://keybase.io/romanz))
+ * attach the GPG agent log from `~/.gnupg/{trezor,ledger,jade}/gpg-agent.log` (can be [encrypted](https://keybase.io/romanz))
 
 Thanks!
 
@@ -18,14 +18,14 @@ Thanks!
     Run
 
     ```
-    $ (trezor|keepkey|ledger|onlykey)-gpg init "Roman Zeyde <roman.zeyde@gmail.com>"
+    $ (trezor|keepkey|ledger|jade|onlykey)-gpg init "Roman Zeyde <roman.zeyde@gmail.com>"
     ```
 
     Follow the instructions provided to complete the setup.  Keep note of the timestamp value which you'll need if you want to regenerate the key later.
 
     If you'd like a Trezor-style PIN entry program, follow [these instructions](README-PINENTRY.md).
 
-2. Add `export GNUPGHOME=~/.gnupg/(trezor|keepkey|ledger|onlykey)` to your `.bashrc` or other environment file.
+2. Add `export GNUPGHOME=~/.gnupg/(trezor|keepkey|ledger|jade|onlykey)` to your `.bashrc` or other environment file.
 
     This `GNUPGHOME` contains your hardware keyring and agent settings.  This agent software assumes all keys are backed by hardware devices so you can't use standard GPG keys in `GNUPGHOME` (if you do mix keys you'll receive an error when you attempt to use them).
 
@@ -203,7 +203,7 @@ Follow [these instructions](enigmail.md) to set up Enigmail in Thunderbird.
 
 ##### 1. Create these files in `~/.config/systemd/user`
 
-Replace `trezor` with `keepkey` or `ledger` or `onlykey` as required.
+Replace `trezor` with `keepkey` or `ledger` or `jade` or `onlykey` as required.
 
 ###### `trezor-gpg-agent.service`
 

doc/README-SSH.md

@@ -4,13 +4,13 @@
 
 SSH requires no configuration, but you may put common command line options in `~/.ssh/agent.conf` to avoid repeating them in every invocation.
 
-See `(trezor|keepkey|ledger|onlykey)-agent -h` for details on supported options and the configuration file format.
+See `(trezor|keepkey|ledger|jade|onlykey)-agent -h` for details on supported options and the configuration file format.
 
 If you'd like a Trezor-style PIN entry program, follow [these instructions](README-PINENTRY.md).
 
 ## 2. Usage
 
-Use the `(trezor|keepkey|ledger|onlykey)-agent` program to work with SSH. It has three main modes of operation:
+Use the `(trezor|keepkey|ledger|jade|onlykey)-agent` program to work with SSH. It has three main modes of operation:
 
 ##### 1. Export public keys
 
@@ -18,7 +18,7 @@ To get your public key so you can add it to `authorized_hosts` or allow
 ssh access to a service that supports it, run:
 
 ```
-(trezor|keepkey|ledger|onlykey)-agent identity@myhost
+(trezor|keepkey|ledger|jade|onlykey)-agent identity@myhost
 ```
 
 The identity (ex: `identity@myhost`) is used to derive the public key and is added as a comment to the exported key string.
@@ -28,7 +28,7 @@ The identity (ex: `identity@myhost`) is used to derive the public key and is add
 Run
 
 ```
-$ (trezor|keepkey|ledger|onlykey)-agent identity@myhost -- COMMAND --WITH --ARGUMENTS
+$ (trezor|keepkey|ledger|jade|onlykey)-agent identity@myhost -- COMMAND --WITH --ARGUMENTS
 ```
 
 to start the agent in the background and execute the command with environment variables set up to use the SSH agent.  The specified identity is used for all SSH connections.  The agent will exit after the command completes.
@@ -36,23 +36,23 @@ Note the `--` separator, which is used to separate `trezor-agent`'s arguments fr
 
 Example:
 ```
- (trezor|keepkey|ledger|onlykey)-agent -e ed25519 bob@example.com -- rsync up/ bob@example.com:/home/bob
+ (trezor|keepkey|ledger|jade|onlykey)-agent -e ed25519 bob@example.com -- rsync up/ bob@example.com:/home/bob
 ```
 
 As a shortcut you can run
 
 ```
-$ (trezor|keepkey|ledger|onlykey)-agent identity@myhost -s
+$ (trezor|keepkey|ledger|jade|onlykey)-agent identity@myhost -s
 ```
 
 to start a shell with the proper environment.
 
-##### 3. Connect to a server directly via `(trezor|keepkey|ledger|onlykey)-agent`
+##### 3. Connect to a server directly via `(trezor|keepkey|ledger|jade|onlykey)-agent`
 
 If you just want to connect to a server this is the simplest way to do it:
 
 ```
-$ (trezor|keepkey|ledger|onlykey)-agent user@remotehost -c
+$ (trezor|keepkey|ledger|jade|onlykey)-agent user@remotehost -c
 ```
 
 The identity `user@remotehost` is used as both the destination user and host as well as for key derivation, so you must generate a separate key for each host you connect to.
@@ -118,7 +118,7 @@ The same works for Mercurial (e.g. on [BitBucket](https://confluence.atlassian.c
 
 ##### 1. Create these files in `~/.config/systemd/user`
 
-Replace `trezor` with `keepkey` or `ledger` or `onlykey` as required.
+Replace `trezor` with `keepkey` or `ledger` or `jade` or `onlykey` as required.
 
 ###### `trezor-ssh-agent.service`