How to use the PGP agent?

[staltz]

I was able to start the SSH agent, but what about PGP? It isn't clear.

[btchip]

You have to use it with the client available at https://github.com/romanz/trezor-agent

[romanz]

@staltz I'd be happy to help with any PGP-related issue :)

[staltz]

Thanks @romanz. I just bought a Ledger Nano S and it's been working well for Bitcoin. Now I'm looking how to get PGP working. I follower the trezor instructions, with some pain because I have a Mac (macOS Sierra 10.12.1) while the instructions assume Debian. I set up most of the packages up until the point I did

./scripts/gpg-init "Andre Staltz <andre@staltz.com>"

And got the error:

Traceback (most recent call last):
  File "/usr/local/bin/trezor-gpg-create", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources/__init__.py", line 3095, in <module>
    @_call_aside
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources/__init__.py", line 3081, in _call_aside
    f(*args, **kwargs)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources/__init__.py", line 3108, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources/__init__.py", line 660, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources/__init__.py", line 673, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources/__init__.py", line 851, in resolve
    raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (hidapi 0.7.99.post20 (/Users/staltz/Library/Python/2.7/lib/python/site-packages), Requirement.parse('hidapi==0.7.99.post15'), set(['keepkey']))

[romanz]

Thanks for reporting this issue :) KeepKey's Python library is specifying an exact version for its hidapi dependency (https://github.com/keepkey/python-keepkey/commit/8f57eb52b32f9f9adddcc23f867f7f717c0216c3#comments).

[romanz]

I've opened https://github.com/keepkey/python-keepkey/pull/8 for fixing this issue.

[romanz]

Meanwhile, you can remove keepkey dependency from trezor-agent setup.py file (since you are using ledgerblue Python package):

diff --git a/setup.py b/setup.py
index 11cbc13..92da613 100644
--- a/setup.py
+++ b/setup.py
@@ -10,7 +10,7 @@ setup(
     url='http://github.com/romanz/trezor-agent',
     packages=['trezor_agent', 'trezor_agent.device', 'trezor_agent.gpg'],
     install_requires=['ecdsa>=0.13', 'ed25519>=1.4', 'Cython>=0.23.4', 'protobuf>=3.0.0', 'semver>=2.2',
-                      'trezor>=0.7.6', 'keepkey>=0.7.3', 'ledgerblue>=0.1.8'],
+                      'trezor>=0.7.6', 'ledgerblue>=0.1.8'],
     platforms=['POSIX'],
     classifiers=[
         'Environment :: Console',

And re-install the updated trezor-agent using python setup.py install.

[staltz]

Thanks @romanz. I did that but now the tools seem even more brittle (probably for other reasons).

./scripts/gpg-init "Andre Staltz <andre@staltz.com>"

2016-11-27 22:10:29,966 WARNING      This GPG tool is still in EXPERIMENTAL mode, so please note that the API and features may change without backwards compatibility! [__main__.py:86]
Traceback (most recent call last):
  File "/usr/local/bin/trezor-gpg-create", line 11, in <module>
    load_entry_point('trezor-agent==0.8.0', 'console_scripts', 'trezor-gpg-create')()
  File "build/bdist.macosx-10.12-intel/egg/trezor_agent/gpg/__main__.py", line 90, in main_create
  File "build/bdist.macosx-10.12-intel/egg/trezor_agent/gpg/keyring.py", line 199, in gpg_version
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 566, in check_output
    process = Popen(stdout=PIPE, *popenargs, **kwargs)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 710, in __init__
    errread, errwrite)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1335, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory

And if I try to run

trezor-gpg-agent --help

I get

Traceback (most recent call last):
  File "/usr/local/bin/trezor-gpg-agent", line 11, in <module>
    load_entry_point('trezor-agent==0.8.0', 'console_scripts', 'trezor-gpg-agent')()
  File "build/bdist.macosx-10.12-intel/egg/trezor_agent/gpg/__main__.py", line 103, in main_agent
IOError: [Errno 2] No such file or directory: '/Users/staltz/.gnupg/trezor/gpg-agent.conf'

[romanz]

I think that the gpg-init script is trying to run gpg2 and fails (although it's quite non-trivial to understand that from the convoluted error message above). Since gpg-init failed, it didn't create the configuration file for trezor-gpg-agent to use, which also failed to start. Did you installed GPG 2.1+ (as described here)?

[staltz]

My GPG version is 2.0.30 on macOS, and those install instructions assume Ubuntu.

[romanz]

I don't have a Mac, but it seems that GnuPG has binary releases for the latest versions: https://sourceforge.net/p/gpgosx/docu/Download/

[romanz]

You can probably also use homebrew: https://github.com/Homebrew/homebrew-versions/blob/master/gnupg21.rb

[romanz]

@fruitloop could you please advise on this issue? I'd be happy to update the documentation for trezor-agent for macOS :)

[staltz]

Thanks, installing through sourceforge worked.

[fruitloop]

Hi, I installed gnupg21 through brew on macOS. This got me the version gpg (GnuPG) 2.1.16 however I had GPGTools installed as well which gave me the mentioned version 2.0.30.

I "fixed" that by changing the scripts in a way that they use the full path to the version installed by brew rather than the version GPGTools put somewhere in the PATH variable.

[romanz]

@btchip I guess this issue can be resolved :)

[jonathancross]

I guess this issue can be resolved :)

Ping @TamtamHero @btchip