From a45c6c1300c31b391bae4cd10966b6572d6c3df6 Mon Sep 17 00:00:00 2001 From: Roman Zeyde Date: Thu, 28 Apr 2016 22:17:08 +0300 Subject: [PATCH] horrible hack - but IT WORKS!!! --- trezor_agent/gpg/decode.py | 10 ++++++++-- trezor_agent/gpg/test.sh | 9 +++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/trezor_agent/gpg/decode.py b/trezor_agent/gpg/decode.py index d57bd2c..ebe96b3 100644 --- a/trezor_agent/gpg/decode.py +++ b/trezor_agent/gpg/decode.py @@ -115,6 +115,7 @@ def _parse_signature(stream): p['unhashed_subpackets'] = parse_subpackets(stream) embedded = list(_parse_embedded_signatures(p['unhashed_subpackets'])) if embedded: + log.info('embedded sigs: %s', embedded) p['embedded'] = embedded p['hash_prefix'] = stream.readfmt('2s') @@ -248,13 +249,18 @@ def digest_packets(packets): def load_public_key(stream): """Parse and validate GPG public key from an input stream.""" packets = list(parse_packets(util.Reader(stream))) - pubkey, userid, signature = packets[:3] + subkey = subsig = None + if len(packets) == 5: + pubkey, userid, signature, subkey, subsig = packets + else: + pubkey, userid, signature = packets + digest = digest_packets([pubkey, userid, signature]) assert signature['hash_prefix'] == digest[:2] log.debug('loaded public key "%s"', userid['value']) verify_digest(pubkey=pubkey, digest=digest, signature=signature['sig'], label='GPG public key') - return pubkey + return subkey or pubkey def load_signature(stream, original_data): diff --git a/trezor_agent/gpg/test.sh b/trezor_agent/gpg/test.sh index fd7975d..4f21a02 100644 --- a/trezor_agent/gpg/test.sh +++ b/trezor_agent/gpg/test.sh 
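Review bot: The added `log.info('embedded sigs: %s', embedded)` in `_parse_signature` dumps the full parsed embedded-signature packets at info level, so they land in default logs whenever such a signature is parsed. The other diagnostic visible in this patch, `log.debug('loaded public key "%s"', ...)`, uses debug level; `log.debug('embedded sigs: %s', embedded)` would match it and keep packet dumps out of normal output. The body of `_parse_signature` starts and ends outside this hunk.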
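Review bot: In the five-packet branch of `load_public_key`, `subsig` is unpacked but never checked, yet the function returns `subkey`. The only `verify_digest` call covers `[pubkey, userid, signature]`, so nothing here ties the returned key to the verified primary key. A caller relying on the docstring's "validate" would then trust whatever subkey packet is appended to the input stream. The binding signature in `subsig` should be verified against `pubkey` before the subkey is returned, presumably with the same `digest_packets`/`verify_digest` pattern, though both helpers are defined outside the hunk. The packet kinds should also be checked explicitly rather than inferred from `len(packets) == 5`. Smaller points: `return pubkey if subkey is None else subkey` avoids depending on the packet's truthiness, and the `assert` on `hash_prefix` is stripped under `python -O`, so it should be a raised exception.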
@@ -1,7 +1,12 @@
+# NEVER RUN ON YOUR OWN REAL GPG KEYS!!!!! THEY WILL BE DELETED!!!!!
 set -x
 (cd ~/.gnupg && rm -r openpgp-revocs.d/ private-keys-v1.d/ pubring.kbx* trustdb.gpg /tmp/log *.gpg; killall gpg-agent)
 gpg2 --full-gen-key --expert
 gpg2 --export > romanz.pub
-NOW=`date +%s`; trezor-gpg -t $NOW "romanz" -o subkey.pub
+NOW=`date +%s`
+trezor-gpg -t $NOW "romanz" -o subkey.pub
 gpg2 -vv --import <(cat romanz.pub subkey.pub)
-gpg2 -k
+gpg2 -K
+
+trezor-gpg -t $NOW "romanz" EXAMPLE
+gpg2 --verify EXAMPLE.sig
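Review bot: The new warning comment is the only safeguard in this script: the unchanged `rm -r ... private-keys-v1.d/ pubring.kbx* ...` line still deletes key material from the real `~/.gnupg` of whoever runs it, and `killall gpg-agent` stops their agent. Running against a scratch keyring removes the hazard instead of documenting it, e.g. `export GNUPGHOME="$(mktemp -d)"` right after `set -x`, with the `cd ~/.gnupg && rm -r ...` line dropped. Whether `trezor-gpg` honours `GNUPGHOME` is not visible here and would need checking. `set -x` alone also lets the script continue after a failed step, so the final `gpg2 --verify EXAMPLE.sig` can run against stale state; `set -eux` would stop at the first error.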