diff --git a/trezor_agent/gpg/encode.py b/trezor_agent/gpg/encode.py
index 2e72b6b..05ea87d 100644
--- a/trezor_agent/gpg/encode.py
+++ b/trezor_agent/gpg/encode.py
@@ -163,14 +163,18 @@ class PublicKey(object):
 """Data for digest computation."""
 return b'\x99' + util.prefix_len('>H', self.data())
+ def _fingerprint(self):
+ return hashlib.sha1(self.data_to_hash()).digest()
+
 def key_id(self):
 """Short (8 byte) GPG key ID."""
- fingerprint = hashlib.sha1(self.data_to_hash()).digest()
- return fingerprint[-8:]
+ return self._fingerprint()[-8:]
- def hex_short_key_id(self):
+ def __repr__(self):
 """Short (8 hexadecimal digits) GPG key ID."""
- return util.hexlify(self.key_id()[-4:])
+ return '<{}>'.format(util.hexlify(self.key_id()))
+
+ __str__ = __repr__
 class Signer(object):
@@ -187,8 +191,7 @@ class Signer(object):
 verifying_key=self.conn.pubkey())
 log.info('%s GPG public key %s created at %s',
 curve_name,
- self.pubkey.hex_short_key_id(),
- util.time_format(self.pubkey.created))
+ self.pubkey, util.time_format(self.pubkey.created))
 @classmethod
 def from_public_key(cls, pubkey, user_id):
@@ -236,11 +239,11 @@ class Signer(object):
 sign_packet = packet(tag=2, blob=signature)
 return pubkey_packet + user_id_packet + sign_packet
- def subkey(self, user_id):
+ def subkey(self):
 subkey_packet = packet(tag=14, blob=self.pubkey.data())
- primary = decode.load_from_gpg(user_id)
- keygrip = agent.get_keygrip(user_id)
- log.info('adding as subkey to %s (%s)', user_id, keygrip)
+ primary = decode.load_from_gpg(self.user_id)
+ keygrip = agent.get_keygrip(self.user_id)
+ log.info('adding as subkey to %s (%s)', self.user_id, keygrip)
 data_to_sign = primary['_to_hash'] + self.pubkey.data_to_hash()
 hashed_subpackets = [
 subpacket_time(self.pubkey.created)] # signature creaion time
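Review bot: The docstring kept under the renamed `__repr__` is now wrong: it still says `"""Short (8 hexadecimal digits) GPG key ID."""`, but the new body hexlifies all 8 bytes of `key_id()`, giving 16 hex digits wrapped in angle brackets; it should read `"""Long (16 hexadecimal digits) GPG key ID, in angle brackets, for logging."""`. The new `_fingerprint` helper has no docstring; add `"""Full SHA-1 fingerprint (20 bytes) over data_to_hash()."""`. The neighbouring `key_id` docstring calls the 8-byte value "Short", whereas in OpenPGP terms the 8-byte ID is the long key ID and the 4-byte one the short ID; worth fixing in the same pass. Logging the full 8-byte ID instead of the previous 4-byte one is an improvement, since 32-bit short IDs are too small to be collision-resistant when a human matches keys by eye.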
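Review bot: `subkey` resolves the primary key purely by `self.user_id`, in both `decode.load_from_gpg(self.user_id)` and `agent.get_keygrip(self.user_id)`, and has no docstring stating that assumption; if the local keyring holds more than one key carrying that user id, the binding signature could be attached to an unintended primary — presumably `load_from_gpg` picks one, so confirm it and the keygrip lookup agree on the same key. Suggest adding `"""Bind this device key as a subkey of the primary key that load_from_gpg returns for self.user_id."""`, and consider logging the primary's key ID alongside the keygrip so the operator can verify which primary was used. The body of `subkey` continues past this hunk.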
@@ -261,7 +264,7 @@ class Signer(object):
 subpacket(16, primary['key_id']), # issuer key id
 subpacket(32, back_sign)]
- conn = AgentSigner(user_id, curve_name=formats.CURVE_NIST256)
+ conn = AgentSigner(self.user_id, curve_name=formats.CURVE_NIST256)
 # Subkey Binding Signature
 signature = _make_signature(conn=conn,
diff --git a/trezor_agent/gpg/signer.py b/trezor_agent/gpg/signer.py
index 1cffcc0..c9b424a 100755
--- a/trezor_agent/gpg/signer.py
+++ b/trezor_agent/gpg/signer.py
@@ -31,6 +31,7 @@ def main():
 p.add_argument('-t', '--time', type=int, default=int(time.time()))
 p.add_argument('-a', '--armor', action='store_true', default=False)
 p.add_argument('-v', '--verbose', action='store_true', default=False)
+ p.add_argument('-s', '--subkey', action='store_true', default=False)
 p.add_argument('-e', '--ecdsa-curve', default='nist256p1')
 p.add_argument('-o', '--output',
 help='Output file name for the results. '
@@ -44,12 +45,16 @@ def main():
 if not args.filename:
 s = encode.Signer(user_id=user_id, created=args.time,
 curve_name=args.ecdsa_curve)
- pubkey = s.subkey(user_id='romanz')
+ if args.subkey:
+ pubkey = s.subkey()
+ else:
+ pubkey = s.export()
+
 ext = '.pub'
 if args.armor:
 pubkey = encode.armor(pubkey, 'PUBLIC KEY BLOCK')
 ext = '.asc'
- filename = args.output or (s.hex_short_key_id() + ext)
+ filename = args.output or '-' # use stdout if no file specified
 if filename == 'GPG':
 log.info('importing public key to local keyring')
 _call_with_input(['gpg2', '--import'], pubkey)
diff --git a/trezor_agent/gpg/test.sh b/trezor_agent/gpg/test.sh
index e063cde..9a25bb0 100644
--- a/trezor_agent/gpg/test.sh
+++ b/trezor_agent/gpg/test.sh
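Review bot: The rewritten `conn = AgentSigner(self.user_id, curve_name=formats.CURVE_NIST256)` still hard-codes the curve for the primary-key signer, while the primary key is whatever gpg holds for `self.user_id` and the device key's curve comes from `--ecdsa-curve`; if `AgentSigner` uses `curve_name` to shape the binding signature, a primary key on a different curve would be mis-signed — I cannot see `AgentSigner` from here, so please confirm. At minimum a comment should state the assumption, e.g. `# assumes the primary key in the local keyring is NIST P-256`, or the curve should be derived from the loaded `primary`. The enclosing `subkey` body starts before this hunk.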
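Review bot: The new `--subkey` option has no `help=` text, so `trezor-gpg -h` will not tell the operator that it changes what is exported; change the line to `p.add_argument('-s', '--subkey', action='store_true', default=False, help='bind the device key as a subkey of the existing primary key for USER_ID')`. The `default=False` is redundant with `action='store_true'` and can be dropped here and on the neighbouring flags for consistency, a style point only.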
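Review bot: `filename = args.output or '-'` together with the existing `if filename == 'GPG':` makes two in-band sentinel values of `--output` that are not documented anywhere near the option, so a user cannot write to a file literally named `-` or `GPG` and will not know the import shortcut exists; add `# '-' (stdout) and 'GPG' (import into the local keyring) are reserved output names` above the assignment and mention both in the `-o` help string. Since stdout is now the default and `pubkey` is a raw binary packet stream unless `--armor` is given, the write path should use `sys.stdout.buffer` rather than text-mode stdout — that code is outside this hunk, so please confirm.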
@@ -4,10 +4,10 @@ set -x -e -u
 gpg2 --full-gen-key --expert
 gpg2 --export > romanz.pub
 NOW=`date +%s`
-trezor-gpg -t $NOW "romanz" -o subkey.pub
+trezor-gpg -t $NOW -v --subkey "romanz" -o subkey.pub
 gpg2 -K
 gpg2 -vv --import <(cat romanz.pub subkey.pub)
 gpg2 -K
-trezor-gpg -t $NOW "romanz" EXAMPLE
+trezor-gpg -t $NOW -v "romanz" EXAMPLE
 gpg2 --verify EXAMPLE.sig