gpg: update README for easier usage

2026-02-24 16:18:12 +08:00 · 2016-10-22 22:44:45 +03:00
parent 93e3c66a15
commit a68f1e5c26
1 changed files with 35 additions and 52 deletions
--- a/README-GPG.md
+++ b/README-GPG.md
@@ -18,79 +18,62 @@ Install latest `trezor-agent` package from GitHub:
 $ pip install --user git+https://github.com/romanz/trezor-agent.git
 ```

-Define your GPG user ID as an environment variable:
-```
-$ TREZOR_GPG_USER_ID="John Doe <john@doe.bit>"
-```
+# Quickstart

-There are two ways to generate TREZOR-based GPG public keys, as described below.
-
-## 1. generate a new GPG identity:
+[![asciicast](https://asciinema.org/a/88teiuljlxp8w0avvn7oorr4s.png)](https://asciinema.org/a/88teiuljlxp8w0avvn7oorr4s)

+# Initialization
 ```
-$ trezor-gpg create "${TREZOR_GPG_USER_ID}" | gpg2 --import           # use the TREZOR to confirm signing the primary key
-gpg: key 5E4D684D: public key "John Doe <john@doe.bit>" imported
+$ ./scripts/gpg-init "John Doe <john@doe.bit>"
+2016-10-22 22:36:23,952 INFO         creating new ed25519 GPG primary key for "John Doe <john@doe.bit>"                                   [__main__.py:56]
+2016-10-22 22:36:23,952 INFO         please confirm GPG signature on Trezor for "John Doe <john@doe.bit>"...                              [device.py:39]
+2016-10-22 22:36:26,307 INFO         please confirm GPG signature on Trezor for "John Doe <john@doe.bit>"...                              [device.py:39]
+gpg: keybox '/home/roman/.gnupg/trezor/pubring.kbx' created
+gpg: /home/roman/.gnupg/trezor/trustdb.gpg: trustdb created
+gpg: key 7482BAFD9AFE0C94: public key "John Doe <john@doe.bit>" imported
 gpg: Total number processed: 1
 gpg:               imported: 1
-
-$ gpg2 --edit "${TREZOR_GPG_USER_ID}" trust                           # set this key to ultimate trust (option #5)
-
-$ gpg2 -k
-/home/roman/.gnupg/pubring.kbx
------------------------------
-pub   nistp256/5E4D684D 2016-06-17 [SC]
-uid         [ultimate] John Doe <john@doe.bit>
-sub   nistp256/A31D9E25 2016-06-17 [E]
-```
-
-## 2. generate a new subkey for an existing GPG identity:
-
-```
-$ gpg2 -k                                                             # suppose there is already a GPG primary key
-/home/roman/.gnupg/pubring.kbx
------------------------------
-pub   rsa2048/87BB07B4 2016-06-17 [SC]
-uid         [ultimate] John Doe <john@doe.bit>
-sub   rsa2048/7176D31F 2016-06-17 [E]
-
-$ trezor-gpg create "${TREZOR_GPG_USER_ID}" | gpg2 --import           # use the TREZOR to confirm signing the subkey
-gpg: key 87BB07B4: "John Doe <john@doe.bit>" 2 new signatures
-gpg: key 87BB07B4: "John Doe <john@doe.bit>" 2 new subkeys
-gpg: Total number processed: 1
-gpg:            new subkeys: 2
-gpg:         new signatures: 2
-
-$ gpg2 -k
-/home/roman/.gnupg/pubring.kbx
------------------------------
-pub   rsa2048/87BB07B4 2016-06-17 [SC]
-uid         [ultimate] John Doe <john@doe.bit>
-sub   rsa2048/7176D31F 2016-06-17 [E]
-sub   nistp256/DDE80B36 2016-06-17 [S]
-sub   nistp256/E3D0BA19 2016-06-17 [E]
+Marking 0x7482BAFD9AFE0C94 as trusted...
 ```

 # Usage examples:

 ## Start the TREZOR-based gpg-agent:
 ```
-$ trezor-gpg agent &
+$ ./scripts/gpg-shell
+gpg: key 7482BAFD9AFE0C94 marked as ultimately trusted
+gpg: checking the trustdb
+gpg: marginals needed: 3  completes needed: 1  trust model: pgp
+gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
+/home/roman/.gnupg/trezor/pubring.kbx
+-------------------------------------
+pub   ed25519 2016-10-22 [SC]
+      74D5CDA3387022810BC97B257482BAFD9AFE0C94
+      Keygrip = 78DDB30A6A9A7573606BAEDDC0D4065610831B6B
+uid           [ultimate] John Doe <john@doe.bit>
+sub   cv25519 2016-10-22 [E]
+      Keygrip = 182A7F215C98CA29CF8A8A92B92D4A4F8BBEE1FD
+
+Starting GPG-enabled shell...
 ```
-Note: this agent intercepts all GPG requests, so make sure to close it (e.g. by using `killall trezor-gpg`),
-when you are done with the TREZOR-based GPG operations.
+
+Note: this agent intercepts all GPG requests in the current shell, and will be killed after this shell is closed.

 ## Sign and verify GPG messages:
 ```
 $ echo "Hello World!" | gpg2 --sign | gpg2 --verify
-gpg: Signature made Fri 17 Jun 2016 08:55:13 PM IDT using ECDSA key ID 5E4D684D
+2016-10-22 22:36:38,088 INFO         please confirm GPG signature on Trezor for "John Doe <john@doe.bit>"...                              [device.py:39]
+gpg: Signature made Sat 22 Oct 2016 10:36:37 PM IDT
+gpg:                using EDDSA key 7482BAFD9AFE0C94
 gpg: Good signature from "John Doe <john@doe.bit>" [ultimate]
 ```
 ## Encrypt and decrypt GPG messages:
 ```
-$ date | gpg2 --encrypt -r "${TREZOR_GPG_USER_ID}" | gpg2 --decrypt
-gpg: encrypted with 256-bit ECDH key, ID A31D9E25, created 2016-06-17
+$ date | gpg2 --encrypt -r John | gpg2 --decrypt
+2016-10-22 22:36:43,820 INFO         please confirm GPG decryption on Trezor for "John Doe <john@doe.bit>"...                             [device.py:52]
+gpg: encrypted with 256-bit ECDH key, ID 4BE3A7CA55CEB3DE, created 2016-10-22
      "John Doe <john@doe.bit>"
-Fri Jun 17 20:55:31 IDT 2016
+Sat Oct 22 22:36:43 IDT 2016
 ```

 ## Git commit & tag signatures: