gpg: replace TREZOR_GPG_USER_ID usage in gpg-agent mode

Use the keygrip to find the correct public key instead.
2026-04-22 06:16:26 +08:00 · 2016-10-18 15:32:29 +03:00
parent 34dc803856
commit bc64205a85
5 changed files with 77 additions and 90 deletions
--- a/trezor_agent/gpg/main.py
+++ b/trezor_agent/gpg/main.py
@@ -3,7 +3,6 @@
 import argparse
 import contextlib
 import logging
-import os
 import sys
 import time

@@ -17,17 +16,16 @@ log = logging.getLogger(__name__)

 def run_create(args):
    """Generate a new pubkey for a new/existing GPG identity."""
-    user_id = os.environ['TREZOR_GPG_USER_ID']
    log.warning('NOTE: in order to re-generate the exact same GPG key later, '
                'run this command with "--time=%d" commandline flag (to set '
                'the timestamp of the GPG key manually).', args.time)
-    conn = device.HardwareSigner(user_id=user_id,
+    conn = device.HardwareSigner(user_id=args.user_id,
                                 curve_name=args.ecdsa_curve)
    verifying_key = conn.pubkey(ecdh=False)
    decryption_key = conn.pubkey(ecdh=True)

    if args.subkey:
-        primary_bytes = keyring.export_public_key(user_id=user_id)
+        primary_bytes = keyring.export_public_key(user_id=args.user_id)
        # subkey for signing
        signing_key = protocol.PublicKey(
            curve_name=args.ecdsa_curve, created=args.time,
@@ -37,10 +35,10 @@ def run_create(args):
            curve_name=formats.get_ecdh_curve_name(args.ecdsa_curve),
            created=args.time, verifying_key=decryption_key, ecdh=True)
        result = encode.create_subkey(primary_bytes=primary_bytes,
-                                      pubkey=signing_key,
+                                      subkey=signing_key,
                                      signer_func=conn.sign)
        result = encode.create_subkey(primary_bytes=result,
-                                      pubkey=encryption_key,
+                                      subkey=encryption_key,
                                      signer_func=conn.sign)
    else:
        # primary key for signing
@@ -52,11 +50,11 @@ def run_create(args):
            curve_name=formats.get_ecdh_curve_name(args.ecdsa_curve),
            created=args.time, verifying_key=decryption_key, ecdh=True)

-        result = encode.create_primary(user_id=user_id,
+        result = encode.create_primary(user_id=args.user_id,
                                       pubkey=primary,
                                       signer_func=conn.sign)
        result = encode.create_subkey(primary_bytes=result,
-                                      pubkey=subkey,
+                                      subkey=subkey,
                                      signer_func=conn.sign)

    sys.stdout.write(protocol.armor(result, 'PUBLIC KEY BLOCK'))
@@ -80,6 +78,7 @@ def main():
    subparsers.dest = 'command'

    create_cmd = subparsers.add_parser('create')
+    create_cmd.add_argument('user_id')
    create_cmd.add_argument('-s', '--subkey', action='store_true', default=False)
    create_cmd.add_argument('-e', '--ecdsa-curve', default='nist256p1')
    create_cmd.add_argument('-t', '--time', type=int, default=int(time.time()))