Closed Superpat closed 4 years ago
@Superpat GPG support is definitely doable; it's mostly a matter of man hours, although there are some technical challenges. It's still on the roadmap, just behind some other things. If any Python developers out there are up for a challenge, I would be happy to work with them to implement this feature.
I'm also very interested in GPG support. Is this something we can port from trezor-agent? Where would one begin? If you could define the work to be done in smaller steps that would be super helpful.
@haplo Yes, we can and that was originally the plan. Trezor-agent will accept a PR to add OnlyKey support in - https://github.com/romanz/trezor-agent/issues/303
To start, I think this would involve:

1. Add a new agent for OnlyKey here - https://github.com/romanz/trezor-agent/tree/master/agents
2. Add the python-onlykey dependency, as this is what is used to communicate with the OnlyKey.
3. Get SSH working. There is basically a get-public-key function and a sign function that signs a blob. We do a similar thing to what trezor-agent does, but there are a couple of differences: we support specifying a key type of p256 or ed25519, and we have a slot variable (default 132) where you could choose a different key to use. So we would just need to merge this and have something where, if the agent is OnlyKey, you do it this way, else do it the way it currently is:
   - Our method - https://github.com/trustcrypto/onlykey-agent/blob/b0ddb68b6f9b8d02f88d75ab81dea85b279a5d31/onlykey_agent/client.py#L53
   - trezor-agent - https://github.com/romanz/trezor-agent/blob/master/libagent/ssh/client.py
4. Finally, get GPG working. If we get to this point I will be happy to do this. It will take some changes to both the OnlyKey firmware and python-onlykey, but it looks to be pretty straightforward: we just have to implement pubkey, sign, and ECDH - https://github.com/romanz/trezor-agent/blob/master/libagent/gpg/client.py
Thanks again for your willingness to look into this, it would be a great improvement to get this working.
I have implemented support for OnlyKey, including:
- SSH (ed25519 and nist256p1)
- GPG Sign (ed25519 and nist256p1)
- GPG Decrypt (curve25519 and nist256p1)
https://github.com/romanz/trezor-agent/compare/master...onlykey:onlykey-agent-merge
@haplo @Superpat Let me know if you guys are interested in beta testing GPG.
@onlykey I am interested in beta testing. I mainly want to GPG-sign git commits. My current GPG key is RSA, so I will need to create a new one.
@haplo The GPG will work the same as the SSH, so you would not need to create a key (although I am adding a feature where you can use a custom key). You don't have to create a key; this is one of the main benefits of the agent: a unique key is generated based on the input, which is how SSH can support an unlimited number of keys - https://docs.crp.to/onlykey-agent.html

`onlykey-agent test@test.com` creates a different key than `onlykey-agent test2@test.com`

It is the same by default for the GPG agent. You create an identity such as `<name "user@domain.com">` and a unique key is created.
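To make the "unique key per identity" point above concrete, here is an added illustration (not code from onlykey-agent or trezor-agent) of the SLIP-0013 style derivation that trezor-agent uses to turn an identity string into a hardened BIP32 path: the device then derives the actual signing key from that path, so a different identity string yields a different key without anything being stored. The identity encoding (`ssh://user@host`), the `13`/`17` purpose values for signing vs ECDH, and the assumption that the OnlyKey agent uses the same scheme are my reading of the upstream code, not something this thread states.

```python
import hashlib
import struct

HARDENED = 0x80000000  # BIP32 hardened-child flag


def identity_to_string(proto, host, user=None, port=None, path=None):
    """Canonical identity string, e.g. 'ssh://test@test.com' (assumed encoding)."""
    parts = [f"{proto}://"]
    if user:
        parts.append(f"{user}@")
    parts.append(host)
    if port:
        parts.append(f":{port}")
    if path:
        parts.append(path)
    return "".join(parts)


def identity_to_bip32_path(identity_str, index=0, ecdh=False):
    """SLIP-0013 style mapping of an identity to a 5-level hardened BIP32 path.

    addr   = LE32(index) || identity_str
    digest = SHA-256(addr)
    path   = [13 (sign) or 17 (ECDH)] + first four LE32 words of digest,
             every element hardened.
    """
    addr = struct.pack("<L", index) + identity_str.encode("utf-8")
    digest = hashlib.sha256(addr).digest()
    purpose = 17 if ecdh else 13
    words = struct.unpack("<LLLL", digest[:16])
    return [HARDENED | v for v in (purpose, *words)]


def format_path(path):
    """Render a hardened path as m/13'/.../...' for display."""
    return "m/" + "/".join(f"{v & ~HARDENED}'" for v in path)


def derive_for(user, host, ecdh=False):
    """Convenience wrapper mirroring `onlykey-agent user@host`."""
    return identity_to_bip32_path(identity_to_string("ssh", host, user=user), ecdh=ecdh)


if __name__ == "__main__":
    # Constructed sample identities from the thread: they map to different paths,
    # so the device produces different keys for each without storing either.
    for ident in ("test@test.com", "test2@test.com"):
        user, host = ident.split("@", 1)
        print(ident, "->", format_path(derive_for(user, host)))
```

The path is fully determined by the identity and index, which is why re-running the agent with the same identity on the same device reproduces the same public key, and why there is no per-key state to back up or lose.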
GPG support has been implemented - https://docs.crp.to/upgradeguide.html
Is GPG support still on the roadmap?
Is the only problem here man hours, or is there an unsolved technical problem? Issue #7 was never answered, but asks this question as well.
I have just received my Onlykey and would love to be able to use it as the GPG key for pass(1).