From ed531cfff80d76dad39ad2c322a1e552c0782e2a Mon Sep 17 00:00:00 2001 From: Roman Zeyde Date: Fri, 25 May 2018 08:43:22 +0300 Subject: [PATCH] Remove trailing whitespace git ls-files | xargs -n1 sed -e's/[[:space:]]*$//' -i --- doc/DESIGN.md | 12 ++++++------ doc/INSTALL.md | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/doc/DESIGN.md b/doc/DESIGN.md index 28bc064..598899c 100644 --- a/doc/DESIGN.md +++ b/doc/DESIGN.md @@ -12,11 +12,11 @@ So when you `ssh` to a machine - rather than consult the normal ssh-agent (which ## Key Naming -`trezor-agent` goes to great length to avoid using the valuable parent key. +`trezor-agent` goes to great length to avoid using the valuable parent key. -The rationale behind this is that `trezor-agent` is to some extent condemned to *blindly* signing any NONCE given to it (e.g. as part of a challenge respone, or as the hash/hmac of someting to sign). +The rationale behind this is that `trezor-agent` is to some extent condemned to *blindly* signing any NONCE given to it (e.g. as part of a challenge respone, or as the hash/hmac of someting to sign). -And doing so with the master private key is risky - as rogue (ssh) server could possibly provide a doctored NONCE that happens to be tied to a transaction or something else. +And doing so with the master private key is risky - as rogue (ssh) server could possibly provide a doctored NONCE that happens to be tied to a transaction or something else. It therefore uses only derived child keys pairs instead (according to the [BIP-0032: Hierarchical Deterministic Wallets][1] system) - and ones on different leafs. So the parent key is only used within the device for creating the child keys - and not exposed in any way to `trezor-agent`. 
@@ -26,7 +26,7 @@ It is common for SSH users to use one (or a few) private keys with SSH on all se So taking a commmand such as: - $ trezor-agent -c user@fqdn.com + $ trezor-agent -c user@fqdn.com The `trezor-agent` will take the `user`@`fqdn.com`; canonicalise it (e.g. to add the ssh default port number if none was specified) and then apply some simple hashing (See [SLIP-0013 : Authentication using deterministic hierarchy][2]). The resulting 128bit hash is then used to construct a lead 'HD node' that contains an extened public private *child* key. @@ -42,10 +42,10 @@ Note: Keepkey does not support en-/de-cryption at this time. ### Index -The canonicalisation process ([SLIP-0013][2] and [SLIP-0017][3]) of an email address or ssh address allows for the mixing in of an extra 'index' - a unsigned 32 bit number. This allows one to have multiple, different keys, for the same address. +The canonicalisation process ([SLIP-0013][2] and [SLIP-0017][3]) of an email address or ssh address allows for the mixing in of an extra 'index' - a unsigned 32 bit number. This allows one to have multiple, different keys, for the same address. This feature is currently not used -- it is set to '0'. This may change in the future. -[1]: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki +[1]: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki [2]: https://github.com/satoshilabs/slips/blob/master/slip-0013.md [3]: https://github.com/satoshilabs/slips/blob/master/slip-0017.md diff --git a/doc/INSTALL.md b/doc/INSTALL.md index db1addf..521714f 100644 --- a/doc/INSTALL.md +++ b/doc/INSTALL.md 
@@ -33,7 +33,7 @@ If you are using python3 or your system `pip` command points to `pip3.x` dependencies instead: $ zypper install python3-pip python3-devel python3-tk libusb-1_0-devel libudev-devel - + ##### macOS There are many different options to install python environment on macOS ([official](https://www.python.org/downloads/mac-osx/), [anaconda](https://conda.io/docs/user-guide/install/macos.html), ..). Most importantly you need `libusb`. Probably the easiest way is via [homebrew](https://brew.sh/) @@ -76,7 +76,7 @@ gpg (GnuPG) 2.1.15 $ git clone https://github.com/romanz/trezor-agent $ pip3 install --user -e trezor-agent/agents/trezor ``` - + Or, through Homebrew on macOS: ``` @@ -95,9 +95,9 @@ Then, install the latest [keepkey_agent](https://pypi.python.org/pypi/keepkey_ag ``` $ pip3 install keepkey_agent ``` - + Or, on Mac using Homebrew: - + ``` $ homebrew install keepkey-agent ```
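Review bot: Two trailing spaces at the end of a Markdown line encode a hard line break, so the three paragraph lines stripped in the doc/DESIGN.md "Key Naming" hunk (`@@ -12,11`) may render differently after this change. The diff does not show how many spaces were removed, so please compare the rendered page before and after, and where a break was intended, express it with a blank line rather than trailing spaces. The same lines still carry the typos "respone" and "someting"; a separate follow-up commit would keep this one whitespace-only.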
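Review bot: The source-install context in the doc/INSTALL.md `@@ -76,7` hunk clones the repository with no tag or commit selected (`git clone https://github.com/romanz/trezor-agent`) and then installs it editable with `pip3 install --user -e`, so a reader gets whatever the default branch holds at that moment. For an agent that signs with hardware-held keys, a follow-up could document checking out a release tag before the install step. Nothing in the whitespace-only lines of this hunk needs to change.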
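Review bot: The context line `$ homebrew install keepkey-agent` at the end of the doc/INSTALL.md `@@ -95,9` hunk uses `homebrew` as the command name, but the Homebrew CLI is invoked as `brew`, so the documented command fails as written. Since this hunk already touches the lines directly around that code block, a follow-up that changes it to the `brew install` form would be a cheap documentation fix.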