gpg: refactor cli
parent
7a7c9efc47
commit
1a228a1af6
@ -0,0 +1,22 @@
|
||||
# Generate new stand-along GPG identity
|
||||
|
||||
```
|
||||
$ USER_ID="Satoshi Nakamoto <satoshi@nakamoto.bit>"
|
||||
$ trezor-gpg create "${USER_ID}" > identity.pub # create new TREZOR-based GPG identity
|
||||
$ gpg2 --import identity.pub # import into local GPG public keyring
|
||||
$ gpg2 --edit "${USER_ID}" trust # OPTIONAL: mark the key as trusted
|
||||
```
|
||||
|
||||
# Generate new subkey for existing GPG identity
|
||||
```
|
||||
$ USER_ID="Satoshi Nakamoto <satoshi@nakamoto.bit>"
|
||||
$ gpg2 --list-keys "${USER_ID}" # make sure this identity already exists
|
||||
$ trezor-gpg create --subkey "${USER_ID}" > identity.pub # create new TREZOR-based GPG public key
|
||||
$ gpg2 --import identity.pub # append it to existing identity
|
||||
```
|
||||
|
||||
# Generate signatures using the TREZOR device
|
||||
```
|
||||
$ trezor-gpg sign EXAMPLE > EXAMPLE.sig # confirm signature using the device
|
||||
$ gpg2 --verify EXAMPLE.sig # verify using standard GPG binary
|
||||
```
|
@ -1,51 +0,0 @@
|
||||
#!/usr/bin/env python
|
||||
"""Check GPG v2 signature for a given public key."""
|
||||
import argparse
|
||||
import base64
|
||||
import io
|
||||
import logging
|
||||
|
||||
from . import decode
|
||||
from .. import util
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def original_data(filename):
|
||||
"""Locate and load original file data, whose signature is provided."""
|
||||
parts = filename.rsplit('.', 1)
|
||||
if len(parts) == 2 and parts[1] in ('sig', 'asc'):
|
||||
log.debug('loading file %s', parts[0])
|
||||
return open(parts[0], 'rb').read()
|
||||
|
||||
|
||||
def verify(pubkey, sig_file):
|
||||
"""Verify correctness of public key and signature."""
|
||||
stream = open(sig_file, 'rb')
|
||||
if stream.name.endswith('.asc'):
|
||||
lines = stream.readlines()[3:-1]
|
||||
data = base64.b64decode(''.join(lines))
|
||||
payload, checksum = data[:-3], data[-3:]
|
||||
assert util.crc24(payload) == checksum
|
||||
stream = io.BytesIO(payload)
|
||||
|
||||
signature, digest = decode.load_signature(stream, original_data(sig_file))
|
||||
decode.verify_digest(pubkey=pubkey, digest=digest,
|
||||
signature=signature['sig'], label='GPG signature')
|
||||
log.info('%s OK', sig_file)
|
||||
|
||||
|
||||
def main():
|
||||
"""Main function."""
|
||||
p = argparse.ArgumentParser()
|
||||
p.add_argument('pubkey')
|
||||
p.add_argument('signature')
|
||||
p.add_argument('-v', '--verbose', action='store_true', default=False)
|
||||
args = p.parse_args()
|
||||
logging.basicConfig(level=logging.DEBUG if args.verbose else logging.INFO,
|
||||
format='%(asctime)s %(levelname)-10s %(message)s')
|
||||
verify(pubkey=decode.load_public_key(open(args.pubkey, 'rb')),
|
||||
sig_file=args.signature)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
Loading…
Reference in New Issue