gpg: fixup subkey/export handling

trezor_agent/gpg/encode.py

@@ -163,14 +163,18 @@ class PublicKey(object):
         """Data for digest computation."""
         return b'\x99' + util.prefix_len('>H', self.data())
 
+    def _fingerprint(self):
+        return hashlib.sha1(self.data_to_hash()).digest()
+
     def key_id(self):
         """Short (8 byte) GPG key ID."""
-        fingerprint = hashlib.sha1(self.data_to_hash()).digest()
+        return self._fingerprint()[-8:]
-        return fingerprint[-8:]
 
-    def hex_short_key_id(self):
+    def __repr__(self):
         """Short (8 hexadecimal digits) GPG key ID."""
-        return util.hexlify(self.key_id()[-4:])
+        return '<{}>'.format(util.hexlify(self.key_id()))
+
+    __str__ = __repr__
 
 
 class Signer(object):
@@ -187,8 +191,7 @@ class Signer(object):
             verifying_key=self.conn.pubkey())
 
         log.info('%s GPG public key %s created at %s', curve_name,
-                 self.pubkey.hex_short_key_id(),
+                 self.pubkey, util.time_format(self.pubkey.created))
-                 util.time_format(self.pubkey.created))
 
     @classmethod
     def from_public_key(cls, pubkey, user_id):
@@ -236,11 +239,11 @@ class Signer(object):
         sign_packet = packet(tag=2, blob=signature)
         return pubkey_packet + user_id_packet + sign_packet
 
-    def subkey(self, user_id):
+    def subkey(self):
         subkey_packet = packet(tag=14, blob=self.pubkey.data())
-        primary = decode.load_from_gpg(user_id)
+        primary = decode.load_from_gpg(self.user_id)
-        keygrip = agent.get_keygrip(user_id)
+        keygrip = agent.get_keygrip(self.user_id)
-        log.info('adding as subkey to %s (%s)', user_id, keygrip)
+        log.info('adding as subkey to %s (%s)', self.user_id, keygrip)
         data_to_sign = primary['_to_hash'] + self.pubkey.data_to_hash()
         hashed_subpackets = [
             subpacket_time(self.pubkey.created)]  # signature creaion time
@@ -261,7 +264,7 @@ class Signer(object):
             subpacket(16, primary['key_id']),  # issuer key id
             subpacket(32, back_sign)]
 
-        conn = AgentSigner(user_id, curve_name=formats.CURVE_NIST256)
+        conn = AgentSigner(self.user_id, curve_name=formats.CURVE_NIST256)
 
         # Subkey Binding Signature
         signature = _make_signature(conn=conn,

trezor_agent/gpg/signer.py

@@ -31,6 +31,7 @@ def main():
     p.add_argument('-t', '--time', type=int, default=int(time.time()))
     p.add_argument('-a', '--armor', action='store_true', default=False)
     p.add_argument('-v', '--verbose', action='store_true', default=False)
+    p.add_argument('-s', '--subkey', action='store_true', default=False)
     p.add_argument('-e', '--ecdsa-curve', default='nist256p1')
     p.add_argument('-o', '--output',
                    help='Output file name for the results. '
@@ -44,12 +45,16 @@ def main():
     if not args.filename:
         s = encode.Signer(user_id=user_id, created=args.time,
                           curve_name=args.ecdsa_curve)
-        pubkey = s.subkey(user_id='romanz')
+        if args.subkey:
+            pubkey = s.subkey()
+        else:
+            pubkey = s.export()
+
         ext = '.pub'
         if args.armor:
             pubkey = encode.armor(pubkey, 'PUBLIC KEY BLOCK')
             ext = '.asc'
-        filename = args.output or (s.hex_short_key_id() + ext)
+        filename = args.output or '-'  # use stdout if no file specified
         if filename == 'GPG':
             log.info('importing public key to local keyring')
             _call_with_input(['gpg2', '--import'], pubkey)

trezor_agent/gpg/test.sh

@@ -4,10 +4,10 @@ set -x -e -u
 gpg2 --full-gen-key --expert
 gpg2 --export > romanz.pub
 NOW=`date +%s`
-trezor-gpg -t $NOW "romanz" -o subkey.pub
+trezor-gpg -t $NOW -v --subkey "romanz" -o subkey.pub
 gpg2 -K
 gpg2 -vv --import <(cat romanz.pub subkey.pub)
 gpg2 -K
 
-trezor-gpg -t $NOW "romanz" EXAMPLE
+trezor-gpg -t $NOW -v "romanz" EXAMPLE
 gpg2 --verify EXAMPLE.sig