diff --git a/setup.py b/setup.py
index 6b63997..97fc549 100644
--- a/setup.py
+++ b/setup.py
@@ -9,6 +9,7 @@ setup(
 author_email='roman.zeyde@gmail.com',
 url='http://github.com/romanz/trezor-agent',
 packages=['trezor_agent'],
+ scripts=['trezor_agent/gpg/trezor-git-gpg-wrapper.sh'],
 install_requires=['ecdsa>=0.13', 'ed25519>=1.4', 'Cython>=0.23.4', 'trezor>=0.6.6', 'keepkey>=0.7.0', 'semver>=2.2'],
 platforms=['POSIX'],
 classifiers=[
diff --git a/trezor_agent/gpg/README.md b/trezor_agent/gpg/README.md
index 2a38b71..5928699 100644
--- a/trezor_agent/gpg/README.md
+++ b/trezor_agent/gpg/README.md
@@ -1,24 +1,35 @@
-# Generate new GPG signing key:
+# Using TREZOR as hardware GPG agent
+
+## Generate new GPG signing key:
 ```
 $ export TREZOR_GPG_USER_ID="Satoshi Nakamoto "
 ```
 
-## Create new GPG identity:
+### Create new GPG identity:
 ```
 $ trezor-gpg create > identity.pub # create new TREZOR-based GPG identity
 $ gpg2 --import identity.pub # import into local GPG public keyring
 $ gpg2 --edit "${TREZOR_GPG_USER_ID}" trust # OPTIONAL: mark the key as trusted
 ```
 
-## Create new subkey for an existing GPG identity:
+### Create new subkey for an existing GPG identity:
 ```
 $ gpg2 --list-keys "${TREZOR_GPG_USER_ID}" # make sure this identity already exists
 $ trezor-gpg create --subkey > identity.pub # create new TREZOR-based GPG public key
 $ gpg2 --import identity.pub # append it to existing identity
 ```
 
-# Generate GPG signatures using a TREZOR device:
+## Generate GPG signatures using a TREZOR device:
 ```
 $ trezor-gpg sign EXAMPLE # confirm signature using the device
 $ gpg2 --verify EXAMPLE.asc # verify using standard GPG binary
 ```
+
+## Git commit/tag signature:
+```
+$ git config --local gpg.program "trezor-git-gpg-wrapper.sh"
+$ git commit --gpg-sign # create GPG-signed commit
+$ git log --show-signature # verify commits' signatures
+$ git tag --sign "TAG" # create GPG-signed tag
+$ git verify-tag "TAG" # verify tag signature
+```
\ No newline at end of file
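Review bot: The `scripts=[...]` entry added to the `setup(` call installs `trezor-git-gpg-wrapper.sh` under a bare name in the environment's script directory, and the README section added in the same commit sets `gpg.program` to that bare name, so git will presumably resolve it through PATH each time it signs or runs `git log --show-signature` / `git verify-tag`. A different file of the same name earlier on PATH would then be what produces both the signatures and the verification output the user relies on. I would document pinning the resolved location once, e.g. `git config --local gpg.program "$(command -v trezor-git-gpg-wrapper.sh)"`, and add a comment above the entry such as `# wrapper used as git's gpg.program; installed into the scripts dir`. The wrapper script itself is not in the visible diff, so its argument handling cannot be reviewed here, and the `setup(` call starts and ends outside this hunk.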